🎥 Configuring SSO with Okta
Jeroen avatar
Written by Jeroen
Updated over a week ago

NOTE: We currently don't support clicking on the app tile within Okta, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.

You'll learn how to configure SSO on your Cheqroom account using Okta:

Enable Okta integration in Cheqroom

  • Log in to your Cheqroom account 

  • Go to Settings

  • Go to Integrations

  • Find the SSO Okta integration and click Configure

  • Choose a Default user role, this will be assigned to a user who logs in through Okta SSO but has no assigned role. Here we recommend to use a role that hasn't got a lot of permissions (for example the Equipment Viewer role)

  • Choose where your roles are sourced, this lets you choose if you want to manage the roles from OneLogin or keep the role management in Cheqroom. More information can be found on the Configure how roles are managed for SSO help article.

  • Fill in the Domains field, by default we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@acme1.com and john@acme2.com), then you need to add both domains.

  • Click Next to proceed to the Okta setup.

Create Okta application

Please make sure that you keep the Okta Integration page open when you are creating your Okta application, because you will need several values from this page in order to configure your application.

  • Log in to your Okta account 

  • Click the Admin button in the top right corner

  • Go to Applications

  • Click Add Application

  • Click Create New App

  • In the modal, make sure 'platform for Web' is selected and SAML 2.0 is checked as the 'sign on method'

  • Click Create

Fill in the General Settings:

  • Give the application a name, f.e Cheqroom

  • Upload a logo for the application. You can download a Cheqroom logo on the Okta integration page

  • Click Next

Fill in the Configure SAML settings:

Next we need to add some Attribute statements:

  • For name fill in a name and as value a user.name

  • Click Add another 

  • For name fill in an email address and as value user.email

  • Click Next to proceed 

  • For the option 'Are you a customer or partner?', you can choose 'I'm an Okta customer adding an internal app'

  • And for App type you can check 'This is an internal app that we have created'

  • Click Finish to create the application

Now we can assign people that are allowed access to Cheqroom:

  • Go to Assignments tab

  • Click Assign

  • Choose Assign to People or Assign to Groups

  • Click Assign to assign people access to Cheqroom 

  • Click Done to when you're finished 

Next we need to link your application with Cheqroom:

  • Go to Sign on tab

  • Right click Identity Provider metadata link and copy the address link

  • Then go back to the Okta integration page in Cheqroom

  • And paste the copied address link into the Metadata URL field

  • Click Enable SSO to enable to Okta SSO integration with Cheqroom

Test SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close any Okta/Cheqroom browser sessions you have open

  2. Enter your email address

  3. You should now be redirected to your Okta login page

  4. Enter your credentials

After entering your credentials, you should be redirect and logged in to Cheqroom.

Configure roles

  • Log in to your Okta account

  • Click the Admin button in the top right corner

  • Go to Directory

  • Click Profile Editor

  • Look for the profile that is linked to your application [Application name] User, where application name is the name of your application

  • Click on Profile

  • Click Add Attribute

Before we proceed, please make sure that you have the Okta integration page opened on the Configure roles step

  • Fill in the Display name, you can copy the value you need on the Okta integration page 

  • Fill in the Variable name, you can copy the value you need on the Okta integration page

  • Check the Define enumerated list of values

  • Copy paste the Display name/Value for the different roles you want to use in Okta from the Okta integration page 

  • Click Save

  • Go to Applications

  • Go to your Cheqroom application

  • Go to the General tab

  • Scroll down to the SAML Settings

  • Click Edit

  • Click Next

  • Scroll down to the Attribute statements

  • Click Add Another

  • For name fill in cheqroom__role and as value appuser.cheqroom__role (mind the double underscore!)

  • Click Next

  • Click Finish to update the application

Next you can assign a role to the different people that have access to Cheqroom on the Assignment tab of your application. 

Did this answer your question?