Create Cheqroom application in Microsoft Entra ID
Log in to your Azure account
Click the hamburger menu in the top left
Click Microsoft Entra ID
Click Enterprise applications
Click New application
Click Create your own application
Create your own application:
Type the name of the application (e.g. Cheqroom)
Select Integrate any other application you don’t find in the gallery (Non-gallery)
Click Create
Click Single sign-on
Select SAML
Click Edit to configure the Basic SAML Configuration
Basic SAML Configuration:
Click Add identifier
Paste the Audience URI (Entity ID) value here. See Get Cheqroom Metadata to enter in Microsoft Entra ID for more information.
Click Add reply URL
Paste the Single sign on url value here. See Get Cheqroom Metadata to enter in Microsoft Entra ID for more information.
Click Save
Configure which users can access the Cheqroom application
If you want to allow every user to access the Cheqroom application, you can disable the Assignment required toggle:
Click Properties
Toggle Assignment required? option to No
Click Save
Get Cheqroom Metadata to enter in Microsoft Entra ID
Log in to your Cheqroom account
Go to Settings > Authentication
Enable or edit SSO configuration:
If you haven’t enabled your SSO configuration already, click the Enable SAML SSO toggle
If SAML SSO is already enabled, click Edit SSO Configuration
The Cheqroom metadata section provides all the information you need to enter in Microsoft Entra ID
Get Microsoft Entra ID Metadata to enter in Cheqroom
Log in to your Azure account
Go to Microsoft Entra ID > Enterprise applications > Cheqroom
Click Single sign-on
Copy the App Federation Metadata Url
Enable SSO in Cheqroom
Log in to your Cheqroom account
Go to Settings > Authentication
Click Enable SAML SSO toggle
Choose Microsoft Entra ID as SAML Identity Provider
Cheqroom Metadata is needed to set up a Cheqroom application in Microsoft Entra ID, see Create Cheqroom application in Microsoft Entra ID
Enter the metadata URL of Microsoft Entra ID, see Get Microsoft Entra ID Metadata to enter in Cheqroom
Click Next to go to the Settings configuration step
Roles configuration
Choose a Default role. This role is assigned to a user who logs in through Microsoft Entra ID but has no assigned role. We recommend a role with few permissions (for example the Equipment Viewer role).
Choose how user roles are managed. This lets you decide whether to manage roles from Microsoft Entra ID or keep role management in Cheqroom. See Configure how roles are managed for SSO for more information.
User groups configuration
This option is only available if you have created user groups for your account, see Create User Groups
Choose a Default user group
Choose how user groups are managed, see Configure how user groups are managed for SSO
Click Next to go to the Attribute mappings step
See Configure SSO attribute mapping for configuring attribute mapping
Click Next to go to the Test connection step
Configure User Roles in Microsoft Entra ID
Log in to your Azure account
Go to Microsoft Entra ID > App registrations > All applications > Cheqroom
Click Manifest
Manifest:
Paste the role value in the appRoles section between the square brackets ([...]). See Configure how roles are managed for SSO to get the role value.
Click Save
Repeat the above steps if you want to assign more roles
Go to Microsoft Entra ID > Enterprise applications > Cheqroom
Click Users and groups
Select the User(s) and/or Group(s) for which you want to assign a role and click Edit
Click Select a role and then select the role that you want to assign and click Select
Click Assign
Optional: if you haven’t yet configured the Cheqroom application to return the role claim
Go to Microsoft Entra ID > Enterprise applications > Cheqroom
Click Single sign-on
Click Edit to configure Attributes & Claims
Click Add new claim
Add new claim:
Fill in role as name
Fill in http://schemas.microsoft.com/ws/2008/06/identity/claims as namespace
Select Attribute for Source
Select user.assignedroles for Source attribute
Click Save
Configure User Groups in Microsoft Entra ID
Manage single user groups assigned to users
Log in to your Azure account
Go to Microsoft Entra ID > Enterprise applications > Cheqroom
Click Single sign-on
Click Edit to configure Attributes & Claims
Click Add new claim
Add new claim:
Enter cheqroom__user_group for the claim Name
Leave namespace empty
Click Claim conditions
Claim conditions:
Here you can configure how user groups are assigned to a user when they log in. For this example we will use the Azure user groups that are already present and match them to a Cheqroom user group ID.
Select Any as User type
Click Select groups
Choose one or more Azure groups that you want to match to Cheqroom user groups and click Select
Select Attribute for Source
Paste the user group value you want to assign into the Value input, in our use case e.g. 2pUxarjneB8Jh3DDSKABTD. See Configure how User Groups are managed for SSO to get the user group ID value.
Repeat the above steps for the different user groups you want to configure.
Click Save
Manage multiple user groups assigned to users
To manage multiple user groups from Microsoft Entra ID, we will add specific groups that correspond to Cheqroom user groups. Each group name will include the unique Cheqroom user group ID. This approach ensures that Cheqroom receives the group ID values associated with each user's assignments.
The group naming convention acts as a workaround because, in enterprise applications, there is currently no straightforward way to return multiple values with a specific attribute. By including group claims, we can use regular expressions to extract the group IDs from the group names for all assigned groups.
Log in to your Azure account
Go to Groups
Click New Group
New Group:
Select Security for Group type
Enter Cheqroom-{usergroupname}-{usergroupid} for the Group name. See Configure how User Groups are managed for SSO to get the usergroupid and usergroupname values and substitute them, so you end up with something like Cheqroom-Teachers-nxoWkUvxHkpeszoyxyj4py
Click No members selected to select which users/groups you want to assign to the user group
Click Create
Repeat this for each user group you want to be able to assign in Microsoft Entra ID
Go to Microsoft Entra ID > Enterprise applications > Cheqroom
Click Users and groups
Click None Selected for Users and groups
Select Users and groups
Select the newly created Groups you added to represent the user groups in Cheqroom
Click Select
Click None selected for Select a role
Select a role
Select User
Click Select
Click Assign
Click Single sign-on
Click Edit to configure Attributes & Claims
Click Add a group claim
Add group claim:
Select Groups assigned to application for Which groups associated with the user should be returned in the claim?
Select Cloud-only group display names for Source attribute
Click Advanced options
Check Filter groups
Select Display name for Attribute to match
Select Prefix for Match with
Enter Cheqroom- for String
Check Customize the name of the group claim
Enter cheqroom__user_group
Leave namespace empty
Select Apply regex replace to groups claim content
Enter ^Cheqroom-(.*)-(?'usergroupid'.*)$ for Regex pattern
Enter {usergroupid} for Regex replacement pattern
Click Save
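The prefix filter and regex replace configured above can be checked against your group names before you rely on the claim. The following is an added example, not Cheqroom's or Microsoft's code: it models the filter in Python, assumes the pattern ^Cheqroom-(.*)-(?'usergroupid'.*)$ translated to Python's named-group syntax, and does not model what Entra ID emits for names that fail the regex. The function name and the sample group names are hypothetical.

```python
import re

PREFIX = "Cheqroom-"  # "Filter groups" -> Prefix match string from the steps above
# The page's regex uses .NET named-group syntax (?'usergroupid'...);
# Python spells the same group (?P<usergroupid>...).
PATTERN = re.compile(r"^Cheqroom-(.*)-(?P<usergroupid>.*)$")


def user_group_claim(group_names):
    """Model the cheqroom__user_group claim for one user's assigned groups.

    Returns (ids, rejected): the IDs that would be extracted, and the names
    that pass the prefix filter but do not yield a usable ID.
    """
    ids, rejected = [], []
    for name in group_names:
        if not name.startswith(PREFIX):
            continue  # dropped by the prefix filter, never reaches the regex
        match = PATTERN.match(name)
        group_id = match.group("usergroupid") if match else ""
        if group_id:
            ids.append(group_id)
        else:
            rejected.append(name)
    return ids, rejected


# Constructed sample input; the two IDs are the example values used on this page.
SAMPLE_GROUPS = [
    "Cheqroom-Teachers-nxoWkUvxHkpeszoyxyj4py",
    "Cheqroom-Lab-Staff-2pUxarjneB8Jh3DDSKABTD",  # hyphen inside the name
    "Cheqroom-Admins",                             # no ID segment
    "Cheqroom-Students-",                          # empty ID segment
    "Finance-Team",                                # unrelated group
]

if __name__ == "__main__":
    ids, rejected = user_group_claim(SAMPLE_GROUPS)
    print("IDs extracted for cheqroom__user_group:", ids)
    print("Groups to rename before relying on the claim:", rejected)
```

Because (.*) is greedy, the extracted ID is whatever follows the last hyphen in the group name, so a hyphen in the user group name is harmless but the convention only works for IDs that contain no hyphen.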