🎥 Configuring SSO with Azure AD
Written by Jeroen
Updated over a week ago

NOTE: We only support the SP-initiated SSO flow, so clicking the app tile within Azure AD is currently not supported; users must start from the Cheqroom login page. We recommend that you bookmark that link for faster access.

You'll learn how to configure SSO on your Cheqroom account using Azure AD:

Enable Azure AD integration

  • Log in to your Cheqroom account

  • Go to Settings

  • Go to Integrations

  • Find the SSO Azure AD integration and click Configure

  • Choose a Default user role. This will be assigned to a user who logs in through Azure AD SSO but has no assigned role. We recommend a role with few permissions (for example, the Equipment Viewer role).

  • Choose where your roles are sourced. This lets you choose whether to manage the roles from OneLogin or keep the role management in Cheqroom. More information can be found in the Configure how roles are managed for SSO help article.

  • Fill in the Domains field. By default, we already add the domain of your email address. If you have multiple email domains (for example, john@acme1.com and john@acme2.com), you need to add both domains.

  • Click Next to proceed to the Azure AD setup.

Setup Azure AD

Part 1: Create SAML application

Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:

Then, click Enterprise applications:

Then, click New application

Then, choose Non-gallery application

Type the name of the application (for example, Cheqroom) and click Add

Then click Set up single sign on and then SAML

Click the pencil icon to configure the Basic SAML configuration:

Fill in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL). You can copy these values from the Azure AD integration page. Afterwards, click Save and then close the configuration screen.

(OPTIONAL) Part 2: Configure User Attributes & Claims

Cheqroom requires that an Email address claim with a valid value is always returned, so please make sure that it is mapped to a field that will always contain the user email. Skip to Part 3 if you are certain that the default user.email field has a valid email address.

Click the pencil icon to configure the User Attributes & Claims

Choose a field on the Source attribute that will contain a valid email value and afterwards click Save


Part 3: Add Federation Metadata Url

Copy the App Federation Metadata Url

Then, paste it to the App Federation Metadata Url field on the Azure AD integration page and click Enable SSO

Next, we need to assign Users or Groups to the app. Go back to the Azure AD application and click Users and groups

Then click Add user and select the users and/or groups you want to give access to Cheqroom

Testing SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close any Cheqroom browser sessions you have open

  2. Enter your email address

  3. You should now be redirected to your Azure AD login page

  4. Enter your credentials

After entering your credentials, you should be redirected and logged in to Cheqroom.

Configuring Roles

Part 1: Adding roles to the application

Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:

Click App registrations

Select the application you've created for Cheqroom

Then, click Manifest in the menu on the left

Before we proceed in Azure AD, open a new browser tab and go to the Azure AD integration page and select the Configure roles step

Then, choose a role that you want to be able to assign to your users in Azure AD, for example Super admins. Click Copy

Go back to the manifest configuration page in Azure AD and paste the copied value in the appRoles section between the square brackets ([...]) and click Save

If you want to add another role, repeat the previous step(s) by copying a role from the Azure AD integration page in Cheqroom and adding the copied value to the manifest file.

Part 2: Assigning roles to users/group

Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:

Then, click Enterprise applications

Select the Cheqroom application you've created previously

Click Users and groups in the left navigation menu

Select the User(s) and/or Group(s) for which you want to assign a role and click Edit

Click Select a role and then select the role that you want to assign and click Select

Finally click Assign to confirm

Configuring User Groups

Log in to your Azure account, click the hamburger menu in the top left and then Microsoft Entra ID:

Then, click Enterprise applications

Select the Cheqroom application you've created previously

Click Single sign-on in the left navigation menu

Edit the Attributes & Claims

Click Add new claim

Enter cheqroom__user_group for the claim Name and leave Namespace empty

Next expand Claim conditions

Here you can configure how the user groups are going to be assigned to a user when they log in. For this example we will use the Azure user groups that are already present to match them to a Cheqroom user group id.

Select Any as User type

Click Select groups and choose one or more Azure groups that you want to match to Cheqroom user groups. Then click Select to confirm

Select Attribute for Source

Before we can set the value, we first need to go back to the Azure AD Integration page in Cheqroom and copy the id of a user group we want to assign. Click Copy for the user group id that you want to assign

Go back to your Cheqroom application in Azure and paste the id in the Value input.

Repeat the above steps for the different user groups you want to configure. When you're done, click Save
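To confirm that the email claim, the roles and the user group claim configured above actually arrive in the SAML assertion, you can inspect a decoded assertion captured from your own test login. The script below is an added example, not part of Cheqroom's product or documentation. It assumes Azure AD's default claim names for email address and roles; the sample assertion and the group id in it are constructed, and the script does not verify the assertion's signature.

```python
# Parse only assertions captured from your own test login; for XML from
# untrusted sources use a hardened parser such as defusedxml.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD's default claim names for e-mail address and app roles (assumed).
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
GROUP = "cheqroom__user_group"  # claim name from this article, no namespace

# Constructed sample: a decoded assertion reduced to its AttributeStatement.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
   <saml:AttributeValue>john@acme1.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="cheqroom__user_group">
   <saml:AttributeValue>example-group-id</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def claims(assertion_xml):
    """Return {claim name: [values]} for every attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        out.setdefault(attr.get("Name"), []).extend(vals)
    return out


def check(assertion_xml, domains):
    """List findings for the email, role and user group claims."""
    c = claims(assertion_xml)
    problems = []
    emails = [e for e in c.get(EMAIL, []) if e]
    if not emails:
        problems.append("email claim missing or empty")
    for e in emails:
        local, at, domain = e.rpartition("@")
        if not (local and at) or domain.lower() not in domains:
            problems.append(f"email {e!r} not in configured domains")
    if not [r for r in c.get(ROLE, []) if r]:
        problems.append("no role claim: default user role applies")
    if not [g for g in c.get(GROUP, []) if g]:
        problems.append("no cheqroom__user_group claim")
    return problems
```

Pass the same domains you entered in the Domains field; a "no role claim" finding is expected when roles are managed in Cheqroom rather than in Azure AD.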
