NOTE: We currently don't support clicking on the app tile within Azure AD; users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support the SP-initiated SSO flow.
You'll learn how to configure SSO on your Cheqroom account using Azure AD:
Enable Azure AD integration
Log in to your Cheqroom account
Go to Settings
Go to Integrations
Find the SSO Azure AD integration and click Configure
Choose a Default user role. This will be assigned to a user who logs in through Azure AD SSO but has no assigned role. We recommend using a role that has few permissions (for example the Equipment Viewer role).
Choose where your roles are sourced. This lets you choose whether to manage the roles from OneLogin or keep the role management in Cheqroom. More information can be found in the Configure how roles are managed for SSO help article.
Fill in the Domains field. By default, we already add the domain of your email address. If you have multiple email domains (e.g. john@acme1.com and john@acme2.com), you need to add both domains.
Click Next to proceed to the Azure AD setup.
Setup Azure AD
Part 1: Create SAML application
Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:
Then, click Enterprise applications:
Then, click New application
Then, choose Non-gallery application
Type the name of the application (e.g. Cheqroom) and click Add
Then click Set up single sign on and then SAML
Click the pencil icon to configure the Basic SAML configuration:
Fill in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL). You can copy these values from the Azure AD integration page. Afterwards, click Save and then close the configuration screen.
(OPTIONAL) Part 2: Configure User Attributes & Claims
Cheqroom requires that an Email address claim with a valid value is always returned, so please make sure that it is mapped to a field that will always contain the user email. Skip to Part 3 if you are certain that the default user.email field has a valid email address.
Click the pencil icon to configure the User Attributes & Claims
Choose a field on the Source attribute that will contain a valid email value and afterwards click Save
Part 3: Add Federation Metadata Url
Copy the App Federation Metadata Url
Then, paste it to the App Federation Metadata Url field on the Azure AD integration page and click Enable SSO
Next, we need to assign Users or Groups to the app. Go back to the Azure AD application and click Users and groups
Then click Add user and select the users and/or groups you want to give access to Cheqroom
Testing SSO
To make sure SSO is working properly, perform these steps:
Log out and close any Cheqroom browser sessions you have open
Enter your email address
You should now be redirected to your Azure AD login page
Enter your credentials
After entering your credentials, you should be redirected and logged in to Cheqroom.
Configuring Roles
Part 1: Adding roles to the application
Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:
Click App registrations
Select the application you've created for Cheqroom
Then, click Manifest in the menu on the left
Before we proceed in Azure AD, open a new browser tab and go to the Azure AD integration page and select the Configure roles step
Then, choose a role that you want to be able to assign to your users in Azure AD, e.g. Super admins. Click Copy
Go back to the manifest configuration page in Azure AD and paste the copied value in the appRoles section between the square brackets ([...]) and click Save
If you want to add another role, repeat the previous step(s) by copying a role from the Azure AD integration page in Cheqroom and adding the copied value to the manifest file.
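Pasting several role entries between the square brackets by hand is where a missing comma or a duplicated entry usually slips in. The following is an added example, not part of Cheqroom's or Microsoft's tooling, that checks the appRoles section of a manifest before you click Save; the sample ids and values are constructed placeholders, not real Cheqroom role definitions.

```python
import json
import uuid

# Constructed sample: only the appRoles part of an app manifest.
# The ids and values are placeholders, not real Cheqroom role definitions.
SAMPLE_MANIFEST = """
{
  "appRoles": [
    {"allowedMemberTypes": ["User"], "displayName": "Super admins",
     "description": "placeholder", "isEnabled": true,
     "id": "11111111-1111-4111-8111-111111111111", "value": "role-placeholder-a"},
    {"allowedMemberTypes": ["User"], "displayName": "Equipment Viewer",
     "description": "placeholder", "isEnabled": false,
     "id": "11111111-1111-4111-8111-111111111111", "value": "role-placeholder-b"}
  ]
}
"""

def check_app_roles(manifest_text):
    """Return a list of problems found in the manifest's appRoles section."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        # Typical after pasting a second role without a separating comma.
        return [f"manifest is not valid JSON (line {exc.lineno}): {exc.msg}"]
    problems, seen_ids, seen_values = [], set(), set()
    for i, role in enumerate(manifest.get("appRoles", [])):
        name = role.get("displayName", f"entry {i}")
        role_id = str(role.get("id", ""))
        try:
            uuid.UUID(role_id)
        except ValueError:
            problems.append(f"{name}: id is not a GUID")
        if role_id.lower() in seen_ids:
            problems.append(f"{name}: duplicate id {role_id}")
        seen_ids.add(role_id.lower())
        value = role.get("value")
        if not value:
            problems.append(f"{name}: empty value")
        elif value in seen_values:
            problems.append(f"{name}: duplicate value {value}")
        seen_values.add(value)
        if not role.get("isEnabled", False):
            problems.append(f"{name}: isEnabled is false")
        if "User" not in role.get("allowedMemberTypes", []):
            problems.append(f"{name}: allowedMemberTypes lacks 'User'")
    return problems
```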
Part 2: Assigning roles to users/group
Log in to your Azure account, click the hamburger menu in the top left and then Azure Active Directory:
Then, click Enterprise applications
Select the Cheqroom application you've created previously
Click Users and groups in the left navigation menu
Select the User(s) and/or Group(s) for which you want to assign a role and click Edit
Click Select a role and then select the role that you want to assign and click Select
Finally click Assign to confirm
Configuring User Groups
Log in to your Azure account, click the hamburger menu in the top left and then Microsoft Entra ID:
Then, click Enterprise applications
Select the Cheqroom application you've created previously
Click Single sign-on in the left navigation menu
Edit the Attributes & Claims
Click Add new claim
Enter cheqroom__user_group for the claim Name and leave Namespace empty
Next expand Claim conditions
Here you can configure how user groups are assigned to a user when they log in. For this example, we will use the Azure user groups that are already present and match them to a Cheqroom user group id.
Select Any as User type
Click Select groups and choose one or more Azure groups that you want to match to Cheqroom user groups. Then click Select to confirm
Select Attribute for Source
Before we can set the value, we first need to go back to the Azure AD Integration page in Cheqroom and copy the id of a user group we want to assign. Click Copy for the user group id that you want to assign
Go back to your Cheqroom application in Azure and paste the id in the Value input.
Repeat the above steps for the different user groups you want to configure. When you're done, click Save
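To confirm that the email claim from Part 2 and the cheqroom__user_group claim configured above actually arrive, you can inspect a decoded SAML assertion from your own test login. The following is an added example, not Cheqroom's code: the email claim URI is assumed to be the Azure AD default, the sample assertion and group id are constructed placeholders, and the script is a configuration check only that does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the default Azure AD claim URI for the email address.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_CLAIM = "cheqroom__user_group"  # claim name from this page, no namespace

# Constructed sample assertion (unsigned, trimmed to the attribute statement).
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>john@acme1.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="cheqroom__user_group">
      <saml:AttributeValue>GROUP-ID-PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Map each SAML attribute name to the list of its values."""
    root = ET.fromstring(assertion_xml.strip())
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_assertion(assertion_xml, allowed_domains):
    """Return problems with the email and user group claims."""
    attrs = read_attributes(assertion_xml)
    problems = []
    emails = [e for e in attrs.get(EMAIL_CLAIM, []) if e]
    if not emails:
        problems.append("email claim missing or empty")
    for email in emails:
        # The domain must be one listed in the Domains field.
        local, _, domain = email.rpartition("@")
        if not local or domain.lower() not in allowed_domains:
            problems.append(f"email {email!r} is not in a configured domain")
    if not any(attrs.get(GROUP_CLAIM, [])):
        problems.append(f"{GROUP_CLAIM} claim missing or empty")
    return problems
```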