Configuring SSO with ADFS | Cheqroom Help Center

Add Relying Party Trust for Cheqroom in ADFS

Add Relying Party Trust Wizard
- Welcome
  - Click Start
- Select Data Source
  - Select Enter data about the relying party manually
  - Click Next
- Specify Display Name
  - Enter a display name, f.e Cheqroom
  - click Next
- Choose Profile
  - Select AD FS profile as the configuration profile
  - Click Next
- Configure Certificate
  - Click Next
- Configure URL
  - Check Enable support for the SAML 2.0 WebSSO protocol
  - Enter Relying party SAML 2.0 SSO service url
    Here you need to paste the Single logout url value. Please see Get Cheqroom Metadata to enter in ADFS for more information.
  - Click Next
- Configure Identifiers
  - Enter Relying party trust identifier and click Add Here you need to paste the Audience URI (Entity ID) value. Please see Get Cheqroom Metadata to enter in ADFS for more information.
  - Click Next
- Configure Multi-factor Authentication Now?
  - Select I do not want to configure multi-factor authentication settings for this relying party trust at this time
  - Click Next
- Choose Issuance Authorization Rules
  - Select Permit all users to access this relying party
  - Click Next
- Ready to Add Trust
  - Click Next
- Finish
  - Check Open the Edit Claim Rules dialog for this relying party trust when the wizard closes
  - Click Close
Edit Claim Rules for Cheqroom
- Go to Issuance Transform Rules tab
- Click Add Rule…

Go to AD FS Management
Go to AD FS > Service > Endpoints
Locate the URL path in the Metadata section
The path is typically /FederationMetadata/2007-06/FederationMetadata.xml as seen below:

Copy the metadata url, this can typically be found by loading the URL in the browser on the server (f.e https://<your hostname>/FederationMetadata/2007-06/FederationMetadata.xml)

Log in to your Cheqroom account
Go to Settings > Authentication
Enable or edit SSO configuration:
- If you haven’t enabled your SSO configuration already, click the Enable SAML SSO toggle
- If SAML SSO is already enabled, click Edit SSO Configuration
The Cheqroom metadata section provides all required information you need to enter in ADFS

Log in to your Cheqroom account
Go to Settings > Authentication
Click Enable SAML SSO toggle
Choose ADFS as SAML Identity Provider
Cheqroom Metadata is needed to setup a Relying Party Trust, see Add Relying Party Trust for Cheqroom in ADFS
Enter metadata url of ADFS, see Get ADFS Metadata to enter in Cheqroom
Click Next to go to the Settings configuration step
Roles configuration
- Choose a Default role, this will be assigned to a user who logs in through ADFS but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
- Choose how user roles are managed, this lets you choose if you want to manage the roles from ADFS or keep the role management in Cheqroom. See Configure how roles are managed for SSO for more information.
User groups configuration
This option is only available if you have created some user groups for your account, see Create User Groups
- Choose a Default user group
- Choose how user groups are managed, see Configure how user groups are managed for SSO
Click Next to go the the Attribute mappings step
- See Configure SSO attribute mapping for configuring attribute mapping
Click Next to go the the Test connection step
- See Test SSO connection