NOTE: We currently don't support clicking on the app tile within OneLogin, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.
You'll learn how to configure SSO on your Cheqroom account using OneLogin:
Enable OneLogin integration
Log in to your Cheqroom account
Go to Settings
Go to Integrations
Find the SSO OneLogin integration and click Configure
Choose a Default user role, this will be assigned to a user who logs in through OneLogin SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
Choose where your roles are sourced, this lets you choose if you want to manage the roles from OneLogin or keep the role management in Cheqroom. More information can be found on the Configure how roles are managed for SSO help article.
Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@acme1.com and john@acme2.com), then you need to add both domains.
Click Next to proceed to the OneLogin setup.
Setup OneLogin
Log in to your OneLogin account, go to Applications and click Add App
Then, search for SAML Test Connector in the Find applications section and click SAML Test Connector (Advanced)
Type name of the application (f.e Cheqroom)
You can find application icons on the OneLogin integration page
Then, click Save to add the application
Next, go to the Configuration tab to enter the Cheqroom service provider details. These can be copied from OneLogin integration page:
Audience (EntityID)
ACS (Consumer) URL Validator
ACS (Consumer) URL
Then, click Save
Then, go to the Parameters tab and click Plus icon
Fill in email as field name, select Include to SAML assertion and click Save
Then make sure to map the Value to a filled-in email field and click Save
Similarly, we will add two more attributes: username and name. Finally, your attribute list will look as follows:
Then, click Save
Next, go to the SSO tab and copy the Issuer URL
Now go back to the OneLogin integration page and paste the copied value in the Issuer URL field and then click Enable SSO
Before we can test the SSO, we still need to add a user to the application. Go to Users and choose one of your users and then click the Applications tab, click Plus icon and add Cheqroom application
Testing SSO
To make sure SSO is working properly, perform these steps:
Log out and close Cheqroom browser sessions you have open
Enter your email address
You should now be redirected to your OneLogin login page
Enter your credentials
After entering your credentials, you should be redirected and logged in to Cheqroom.
Configuring Roles
Log in to your OneLogin account and go to Users > Custom User Fields and click New User Field
Fill in a name (f.e. Cheqroom Role), a shortname (f.e. cheqroom__role) and click Save
Let's say that you have set up a role Teachers in your OneLogin account and you want all the users in this role to have the Super admin role in Cheqroom. In this case, we want to configure a mapping by going to Users > Mappings and click New Mapping
Then we need to configure our mapping by giving it a name (f.e. Cheqroom Super Admins), configure a condition that will define when the Super admin role is assigned, here for the role Teachers. For the action, we choose to set our custom Cheqroom Role field to the role value that we want to use (f.e. super_admin). You can copy from the configure roles step on the OneLogin integration page. Then click Save
Similarly, add other mappings for roles that you want to assign based on certain conditions. Finally, click Reapply All Mappings assign the users to the correct role based on your mappings.
Next, go to Applications and go to the Cheqroom application
Go to the Parameters tab and click the Plus icon
Fill in cheqroom__role as Field name, select Include in SAML assertion and click Save
Then also make sure to select our custom user field Cheqroom Role as value for the newly added field and click Save
You can now test the SSO login to see if the user has a correct role assigned to them.