Configuring SSO with Okta | Cheqroom Help Center

Create Cheqroom application in Okta

Log in to your Okta account
Click Applications
Click Create App Integration

Create new app integration
- Select SAML 2.0 for Sign-in method
- Click Next
Create SAML Integration
- Fill in app name, e.g. Cheqroom
- App logo
  
  Right click to download
- Select Do not display application icon to users
  Cheqroom only allows SP-initiated SSO, so you need to hide the application icon from your users because this will trigger an IDP-initiated SSO. See Add Bookmark App for Cheqroom to still allow your users to login from Okta
- Click Next
- Configure SAML
  - Single sign-on URL Here you need to paste the Single sign on url value. Please see Get Cheqroom Metadata to enter in Okta for more information
  - Audience URI (SP Entity ID) Here you need to paste the Audience URI (Entity ID) value. Please see Get Cheqroom Metadata to enter in Okta for more information
  - Click Show Advanced Settings
  - Signing Certificate
    Here you need to update the Cheqroom signing certificate. Please see Get Cheqroom Metadata to enter in Okta for more information
  - Check Allow application to initiate Single Logout
  - Single Logout URL
    Here you need to copy the Single logout url value. Please see Get Cheqroom Metadata to enter in Okta for more information.
  - SP Issuer
    Here you need to paste the Audience URI (Entity ID) value. Please see Get Cheqroom Metadata to enter in Okta for more information
  - Attribute Statements
    Fill in email for name
    Select user.email for value
    Click Add Another
    Fill in firstName for name
    Select user.firstName for value
    Click Add Another
    Fill in lastName for name
    Select user.lastName for value
    
    Repeat above steps if you want to add other attribute statements to be used in Cheqroom. See Configure SSO attribute mapping
  - Click Next
- Check This is an internal app that we have created and click Finish

Next go to the Assignments tab
Here you need to decide if you want to allow everyone access to the Cheqroom application or just specific people.
- Allow everyone access:
  - Click Assign > Assign to Groups
  - Click Assign (this will update it to Assigned)
  - Click Done
- Allow specific people access:
  - Click Assign > Assign to People
  - Click Assign for the People you want to allow access
  - Click Done

⚠️ Don’t forget this step, otherwise you won’t be able to login due to none of your users has access to the Cheqroom application. See User not assigned access to login

Get Okta Metadata to enter in Cheqroom

Log in to your Okta account
Click Applications
Go to Cheqroom application
Click Sign On
Click Copy action for Metadata URL

Get Cheqroom Metadata to enter in Okta

Log in to your Cheqroom account
Go to Settings > Authentication
Enable or edit SSO configuration:
- If you haven’t enabled your SSO configuration already, click the Enable SAML SSO toggle
- If SAML SSO is already enabled, click Edit SSO Configuration
The Cheqroom metadata section provides all required information you need to enter in Okta

Enable SSO in Cheqroom

Log in to your Cheqroom account
Go to Settings > Authentication
Click Enable SAML SSO toggle
Choose Okta as SAML Identity Provider
Cheqroom Metadata is needed to setup a Cheqroom application in Okta, see Create Cheqroom application in Okta
Enter metadata url of Okta, see Get Okta Metadata to enter in Cheqroom
Click Next to go to the Settings configuration step
Roles configuration
- Choose a Default role, this will be assigned to a user who logs in through Okta but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
- Choose how user roles are managed, this lets you choose if you want to manage the roles from Okta or keep the role management in Cheqroom. See Configure how roles are managed for SSO for more information.
User groups configuration This option is only available if you have created some user groups for your account, see Create User Groups
- Choose a Default user group
- Choose how user groups are managed, see Configure how user groups are managed for SSO
Click Next to go the the Attribute mappings step
- See Configure SSO attribute mapping for configuring attribute mapping
Click Next to go the the Test connection step
- See Test SSO connection

Add custom User Attribute in Okta

Log in to your Okta account
Go to Directory > Profile Editor > Cheqroom User

Click Add Attribute

Add Attribute
- Select Data type (most common is string)
- Enter a display name. Example: Cheqroom Role
- Enter a variable name. Example: cheqroom__role
- Check Define enumerated list of values Cheqroom user role and user group are predefined values so we can define these here
- Add the possible values you want to allow for the attribute
- Click Save

Configure User Roles in Okta

Log in to your Okta account
Prerequisites:
- You should have a custom Cheqroom Role attribute with variable name cheqroom__role, see Add custom User Attribute in Okta. Please see Configure how roles are managed for SSO how to get possible role values
Go Applications > Cheqroom application
Click Assignments
Click Pencil icon for the person(s) you want to assign a role to

Select a Cheqroom Role and click Save

Optional if you haven’t configured the Cheqroom application yet to return cheqroom__role saml attribute

Go to Applications > Cheqroom application
Click General
Click Edit SAML Settings

Edit SAML Integration
- Click Next
- SAML Settings
  - Scroll to Attribute Statements and click Add Another
  - Enter as attribute name cheqroom__role
  - Enter as attribute value appuser.cheqroom__role This value won’t be visible as on option in the select, so you need to type it yourself. The actual value you need to type here depends on the variable name you used when you added your custom attribute but it always needs to begin with appuser.<variable_name_of_your_custom_attribute>
- Click Next
- Click Finish

Configure User Groups in Okta

Log in to your Okta account
Prerequisites:
- You should have a custom Cheqroom User Group(s) attribute with variable name cheqroom__user_group, see Add custom User Attribute in Okta. Please see Configure how User Groups are managed for SSO how to get possible user group values.

💡Use Data type string array if you want to assign multiple user group(s) to a user

Go Applications > Cheqroom application
Click Assignments
Click Pencil icon for the person(s) you want to assign user group(s)

Select Cheqroom User Group(s) and click Save

Optional if you haven’t configured Cheqroom application yet to return cheqroom__user_group saml attribute

Go to Applications > Cheqroom application
Click General
Click Edit SAML Settings

Edit SAML Integration
- Click Next
- SAML Settings
  - Scroll to Attribute Statements and click Add Another
  - Enter as attribute name cheqroom__user_group
  - Enter as attribute value appuser.cheqroom__user_group This value won’t be visible as on option in the select, so you need to type it yourself. The actual value you need to type here depends on the variable name you used when you added your custom attribute but it always needs to begin with appuser.<variable_name_of_your_custom_attribute>
- Click Next
- Click Finish

Add Bookmark App for Cheqroom

Log in to your Okta account
Go to Applications
Click Browse App Catalog

Search Bookmark App and click Bookmark App

Click Add integration

Add Bookmark App
- Enter Cheqroom as Application label
- Enter https://login.cheqroom.com/<your_workspace_id>/login/strategy/sso as URL
Make sure to replace <your_workspace_id> with the value from the workspace for which you are configuring SSO. Go to Settings > General to find back your workspace id
- Click Done

Go to the Assignments

Choose which users that will be able to see the Cheqroom bookmark icon on their Dashboard. Assignment should be the same like the ones you configured the Cheqroom application

Troubleshooting Common Issues

Configuring SSO with OneLogin

Configuring SSO with Microsoft Entra ID (Azure AD)

Configuring SSO with Google

Configuring SSO with ADFS

Configuring SSO with SAML IdP