Cheqroom

Single Sign-On (SSO) allows users to log in to Cheqroom using credentials from an external identity provider (IdP) like Google, Okta, Microsoft Entra ID, or others. With SSO, users only need one set of credentials to access multiple systems, improving convenience and security.

___________________________________________________________

We support Just-in-Time (JIT) provisioning for users. This means users are automatically created in your account the first time they log in through SSO. You don’t need to pre-create users manually.

If user already exists in the system, then we will automatically link the user based on email address.

For information on syncing your LDAP or Active Directory, see articles here.

SSO in Cheqroom is configured on a per-workspace basis. This means:

If your organization has multiple workspaces, you must configure SSO individually for each workspace.

Each workspace can only be linked to a single identity provider (IdP). You cannot configure multiple SSO providers within the same workspace.

- If your organization has multiple workspaces, you must configure SSO individually for each workspace.
- Each workspace can only be linked to a single identity provider (IdP). You cannot configure multiple SSO providers within the same workspace.

This ensures a clear and organized SSO setup across your organization while maintaining proper authentication boundaries for each workspace.

Our platform integrates with SAML 2.0-based identity providers. Supported providers include:

<a href="https://help.cheqroom.com/en/articles/10471750-configuring-sso-with-google">Google</a>

<a href="https://help.cheqroom.com/en/articles/10471657-configuring-sso-with-microsoft-entra-id-azure-ad">Microsoft Entra ID (Azure AD)</a>

<a href="https://help.cheqroom.com/en/articles/10471598-configuring-sso-with-onelogin">OneLogin</a>

<a href="https://help.cheqroom.com/en/articles/10478799-configuring-sso-with-shibboleth">Shibboleth</a>

<a href="https://help.cheqroom.com/en/articles/10478840-configuring-sso-with-saml-idp">Any SAML 2.0-compliant IdP</a> ​

- <a href="https://help.cheqroom.com/en/articles/10478745-configuring-sso-with-okta">Okta</a>
- <a href="https://help.cheqroom.com/en/articles/10471750-configuring-sso-with-google">Google</a>
- <a href="https://help.cheqroom.com/en/articles/10471657-configuring-sso-with-microsoft-entra-id-azure-ad">Microsoft Entra ID (Azure AD)</a>
- <a href="https://help.cheqroom.com/en/articles/10471598-configuring-sso-with-onelogin">OneLogin</a>
- <a href="https://help.cheqroom.com/en/articles/10478818-configuring-sso-with-adfs">ADFS</a>
- <a href="https://help.cheqroom.com/en/articles/10478799-configuring-sso-with-shibboleth">Shibboleth</a>
- <a href="https://help.cheqroom.com/en/articles/10478840-configuring-sso-with-saml-idp">Any SAML 2.0-compliant IdP</a> ​

To enhance security and ensure users authenticate through your Single Sign-On (SSO) provider, you can require SSO as the only login method for your workspace. This prevents users from logging in with a password and enforces consistent authentication via your configured Identity Provider (IdP).

Account Owners Users with the account owner role will always have the option to also login through password to prevent lockouts.

Api Keys If you have created API keys to integrate with the Cheqroom API directly, then these will also not be affected by the require SSO setting

- Account Owners Users with the account owner role will always have the option to also login through password to prevent lockouts.
- Api Keys If you have created API keys to integrate with the Cheqroom API directly, then these will also not be affected by the require SSO setting

Go to Settings &gt; Authentication

- Go to Settings &gt; Authentication
- Enable/disable Require SSO toggle

What is Single Sign-On (SSO)?

User Provisioning

SSO Per Workspace

How We Support SSO

Require SSO for workspace

Exceptions

Manage Require SSO setting