Configuring SSO with ADFS
Written by Mateus Savaris
Updated over a week ago

You'll learn how to configure SSO on your Cheqroom account using ADFS:

Enable ADFS integration 

  • Log in to your Cheqroom account 

  • Go to Settings

  • Go to Integrations

  • Find the SSO ADFS integration and click Configure

  • Choose a Default user role. This role is assigned to a user who logs in through ADFS SSO but has no assigned role. We recommend using a role that does not have many permissions (for example the Equipment Viewer role).

  • Choose where your roles are sourced. This lets you choose whether to manage the roles from OneLogin or keep the role management in Cheqroom. More information can be found in the Configure how roles are managed for SSO help article.

  • Fill in the Domains field. By default we already add the domain of your email address. If you have multiple email domains (for example john@acme1.com and john@acme2.com), you need to add both domains.

  • Click Next to proceed to the ADFS setup.

Setup ADFS

Part 1: Add a Relying Party Trust

Go to AD FS Management and in the left navigation pane, click Add Relying Party Trust...

On the 'Welcome' page, click Start

Select Enter data about the relying party manually, then click Next

Enter a display name (like "Cheqroom") and any optional notes, then click Next

Select AD FS profile as the configuration profile, then click Next

Click Next on the 'Configure Certificate' page

On the 'Configure URL' page, check Enable support for the SAML 2.0 WebSSO protocol and copy and paste this value from the ADFS Integration settings page, then click Next

On the 'Configure Identifiers' page, copy and paste this value from the ADFS Integration settings page, then click Add and afterwards Next

On the 'Configure Multi-factor Authentication Now?' page, select I do not want to configure multi-factor authentication settings for this relying party trust at this time, then click Next

On the 'Choose Issuance Authorization Rules' page, select Permit all users to access this relying party, and click Next

On the 'Ready to Add Trust' page, click Next

On the final screen, check Open the Edit Claim Rules dialog for this relying party trust when the wizard closes, then click Close

In the 'Edit Claim Rules for Cheqroom' dialog, go to the Issuance Transform Rules tab and then click Add Rule...

From within the Add Transform Claim Rule Wizard, select Send LDAP Attributes as Claims rule template in the dropdown and then click Next

Give your claim rule a name (like "Cheqroom Claims"), select Active Directory from the attribute store dropdown and map the following fields:

  • LDAP attribute E-Mail-Addresses to outgoing claim type E-Mail Address

  • LDAP attribute User-Principal-Name to outgoing claim type Name ID

Click Finish to add the claim rule.

Part 2: Add Metadata URL

After you have completed these steps, you need to go back to the ADFS Integration page and enter your ADFS Federation Metadata URL (like "https://YOUR_DOMAIN/FederationMetadata/2007-06/FederationMetadata.xml"), then click Enable SSO

You should now have a working ADFS SSO implementation for Cheqroom.

Testing SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close Cheqroom browser sessions you have open

  2. Enter your email address

  3. You should now be redirected to your ADFS login page

  4. Enter your credentials

After entering your credentials, you should be redirected and logged in to Cheqroom.

Configuring Roles

You can find an overview of the possible roles you can configure on the ADFS Integration settings page on the Configure roles step. 

Assigning Super Admin role

Go to AD FS Management, expand Trust Relationships and select Relying Party Trusts, then select the Relying Party Trust we've created previously for Cheqroom and click Edit Claim Rules... in the left navigation pane.

Click Add Rule...

On the Choose Rule Type page, select Send Group Membership as a Claim and click Next

Enter a rule name that describes the role rule that you will be configuring (like "Super Admin Role") and click Browse... to select the user group that we want to assign the Super Admin role (like "CHEQROOM_SUPER_ADMINS") and click OK.

Select Role as outgoing claim type

For the outgoing claim value, copy and paste the Super Admin value from the ADFS Integration settings page and then click Finish

If you now log in with a user that's assigned to the CHEQROOM_SUPER_ADMINS group, they will be assigned the Super Admin role.

If you want to configure another role assignment, follow the same steps as above for the Super Admin role.
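
The wizard steps in Part 1 and the Super Admin role rule above can also be scripted and then reviewed in one place. The PowerShell below is an added example, not Cheqroom's own script: the three <...> values are placeholders for the values shown on the ADFS Integration settings page, CHEQROOM_SUPER_ADMINS is the example group from the text, and it assumes an AD FS version whose wizard has the 'Choose Issuance Authorization Rules' page described above.

```powershell
# Added example: scripted equivalent of the wizard steps. All <...> values are
# placeholders; copy the real ones from the ADFS Integration settings page.
Import-Module ADFS
Import-Module ActiveDirectory

$acsUrl     = '<SAML_SSO_URL_FROM_CHEQROOM>'      # value for the 'Configure URL' page
$identifier = '<IDENTIFIER_FROM_CHEQROOM>'        # value for the 'Configure Identifiers' page
$roleValue  = '<SUPER_ADMIN_VALUE_FROM_CHEQROOM>' # Super Admin value on the Configure roles step
$groupSid   = (Get-ADGroup -Identity 'CHEQROOM_SUPER_ADMINS').SID.Value

# 'Permit all users to access this relying party'
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# E-Mail-Addresses -> E-Mail Address, User-Principal-Name -> Name ID
$claimRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Cheqroom Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail,userPrincipalName;{0}", param = c.Value);
'@

# Membership of the selected group -> Role claim carrying the Super Admin value
$roleRule = @"
@RuleTemplate = "EmitGroupClaims"
@RuleName = "Super Admin Role"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$groupSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "$roleValue",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@

# SAML 2.0 WebSSO assertion consumer endpoint, then the relying party trust itself
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl
Add-AdfsRelyingPartyTrust -Name 'Cheqroom' -Identifier $identifier -SamlEndpoint $endpoint `
    -IssuanceAuthorizationRules $authzRules -IssuanceTransformRules ($claimRules + "`n" + $roleRule)

# Review what was stored before clicking Enable SSO in Cheqroom
Get-AdfsRelyingPartyTrust -Name 'Cheqroom' |
    Format-List Name, Identifier, Enabled, IssuanceAuthorizationRules, IssuanceTransformRules
```

The final Get-AdfsRelyingPartyTrust output is also a quick way to audit later which group SIDs map to which Cheqroom role values.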
