⚠️ We currently don't support clicking on the app tile within the IdP, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.
Create Cheqroom application in SAML IdP
Please use our specific help pages if you are configuring SSO for on of the following IdP’s:
If your IdP isn’t listed above, then you will need to check the documentation of your SAML IdP how to add Cheqroom as a Service Provider (SP).
Cheqroom requires that the IdP returns NameID and email in the claim attributes of your SAML response. So don’t forgot to correctly configure these attributes to be return in the SAML response.
Get Cheqroom Metadata to enter in SAML IdP
Log in to your Cheqroom account
Go to Settings > Authentication
Enable or edit SSO configuration:
If you haven’t enabled your SSO configuration already, click the Enable SAML SSO toggle
If SAML SSO is already enabled, click Edit SSO Configuration
The Cheqroom metadata section provides all required information you need to enter in SAML IdP
Get SAML IdP metadata to upload in Cheqroom
Log in to your SAML IdP
Find the SAML IdP metadata
You can upload a metadata XML file or enter a metadata url in Cheqroom
Enable SSO in Cheqroom
Log in to your Cheqroom account
Go to Settings > Authentication
Click Enable SAML SSO toggle
Choose SAML as SAML Identity Provider
Cheqroom Metadata is needed to setup a Cheqroom application in SAML, see Create Cheqroom application in SAML IdP
Upload metadata or enter metadata url of SAML IdP, see Get SAML IdP Metadata to upload in Cheqroom
Click Next to go to the Settings configuration step
Roles configuration
Choose a Default role, this will be assigned to a user who logs in through SAML IdP but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
Choose how user roles are managed, this lets you choose if you want to manage the roles from SAML IdP or keep the role management in Cheqroom. See Configure how roles are managed for SSO for more information.
User groups configuration This option is only available if you have created some user groups for your account, see Create User Groups
Choose a Default user group
Choose how user groups are managed, see Configure how user groups are managed for SSO
Click Next to go the the Attribute mappings step
See Configure SSO attribute mapping for configuring attribute mapping
Click Next to go the the Test connection step
See Test SSO connection
Configuring User Roles in SAML IdP
When you want to manage user roles from your SAML IdP, you will need to make sure that your IdP returns a cheqroom__role claim attribute in the SAML response.
Check to documentation of your SAML IdP how you can map the Cheqroom role attributes to the cheqroom__role claim. See Configure how roles are managed for SSO to get possible role values to return from your IdP.
Configuring User Groups in SAML IdP
When you want to manage user groups from your SAML IdP, you will need to make sure that your IdP returns a cheqroom__user_group claim attribute in the SAML response.
Check to documentation of your SAML IdP how you can map the Cheqroom user group attributes to the cheqroom__user_group claim. See Configure how User Groups are managed for SSO to get possible user groups values to return from your IdP.