You'll learn how to configure SSO on your CHEQROOM account using Azure AD:

Enable Azure AD integration

  • Log in to your CHEQROOM account
  • Go to Settings
  • Go to Integrations
  • Find the SSO Azure AD integration and click Configure
  • Choose a Default user role, this will be assigned to a user who logs in through Azure AD SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
  • Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@acme1.com and john@acme2.com), then you need to add both domains.
  • Click Next to proceed to the ADFS setup.

Setup Azure AD

Part 1: Create SAML application

Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:

Then, click Enterprise applications:

Then, click New application

Then, choose Non-gallery application

Type name of the application (f.e CHEQROOM) and click Add

Then click Set up single sign on and then SAML

Click the pencil icon to configure the Basic SAML configuration:

Fill in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), you can copy these values from the Azure AD integration page and afterwards click Save and then close configuration screen.

(OPTIONAL) Part 2: Configure User Attributes & Claims

CHEQROOM requires that an Email address claim with a valid value is always returned, so please make sure that it is mapped to a field that will always contain the user email. Skip to Part 3 if you are certain that the default user.email field has a valid email address.

Click the pencil icon to configure the User Attributes & Claims

Click http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Choose a field on the Source attribute that will contain a valid email value and afterwards click Save


Part 3: Add Federation Metadata Url

Copy the App Federation Metadata Url

Then, paste it to the App Federation Metadata Url field on the Azure AD integration page and click Enable SSO

Next, we need to assign Users or Groups to the app. Go back to the Azure AD application and click Users and groups

Then click Add user and select the users and/or groups you want to give access to CHEQROOM

Testing SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close CHEQROOM browser sessions you have open
  2. Go to https://app.cheqroom.com/sso
  3. Enter your email address
  4. You should now be redirected to your Azure AD login page
  5. Enter your credentials

After entering your credentials, you should be redirect and logged in to CHEQROOM.

Configuring Roles

Part 1: Adding roles to the application

Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:

Click App registrations

Select the application you've created for CHEQROOM

Then, click Manifest in the menu on the left

Before we proceed in Azure AD, open a new browser tab and go to the Azure AD integration page and select the Configure roles step

Then, choose a role that you want to be able to assign to your users in Azure AD, f.e. Super admins. Click Copy

Go back to the manifest configuration page in Azure AD and paste the copied value in the appRoles section between the square brackets ([...]) and click Save

If you want to add another role, repeat the previous step(s) by copying a role from the Azure AD integration page in CHEQROOM and adding the copied value to the manifest file.

Part 2: Assigning roles to users/group

Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:

Then, click Enterprise applications

Select the CHEQROOM application you've created previously

Click Users and groups in the left navigation menu

Select the User(s) and/or Group(s) for which you want to assign a role and click Edit

Click Select a role and then select the role that you want to assign and click Select

Finally click Assign to confirm

Did this answer your question?