All Collections
Onboard your team with Cheqroom
Configuring SSO with OneLogin
Configuring SSO with OneLogin
Jeroen avatar
Written by Jeroen
Updated over a week ago

NOTE: We currently don't support clicking on the app tile within OneLogin, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.

You'll learn how to configure SSO on your Cheqroom account using OneLogin:

Enable OneLogin integration

  • Log in to your Cheqroom account

  • Go to Settings

  • Go to Integrations

  • Find the SSO OneLogin integration and click Configure

  • Choose a Default user role, this will be assigned to a user who logs in through OneLogin SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)

  • Choose where your roles are sourced, this lets you choose if you want to manage the roles from OneLogin or keep the role management in Cheqroom. More information can be found on the Configure how roles are managed for SSO help article.

  • Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@acme1.com and john@acme2.com), then you need to add both domains.

  • Click Next to proceed to the OneLogin setup.

Setup OneLogin

Log in to your OneLogin account, go to Applications and click Add App

Then, search for SAML Test Connector in the Find applications section and click SAML Test Connector (Advanced)

Type name of the application (f.e Cheqroom)

You can find application icons on the OneLogin integration page

Then, click Save to add the application

Next, go to the Configuration tab to enter the Cheqroom service provider details. These can be copied from OneLogin integration page:

  • Audience (EntityID)

  • ACS (Consumer) URL Validator

  • ACS (Consumer) URL

Then, click Save

Then, go to the Parameters tab and click Plus icon

Fill in email as field name, select Include to SAML assertion and click Save

Then make sure to map the Value to a filled-in email field and click Save

Similarly, we will add two more attributes: username and name. Finally, your attribute list will look as follows:

Then, click Save

Next, go to the SSO tab and copy the Issuer URL

Now go back to the OneLogin integration page and paste the copied value in the Issuer URL field and then click Enable SSO

Before we can test the SSO, we still need to add a user to the application. Go to Users and choose one of your users and then click the Applications tab, click Plus icon and add Cheqroom application

Testing SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close Cheqroom browser sessions you have open

  2. Go to https://login.cheqroom.com

  3. Enter your email address

  4. You should now be redirected to your OneLogin login page

  5. Enter your credentials

After entering your credentials, you should be redirected and logged in to Cheqroom.

Configuring Roles

Log in to your OneLogin account and go to Users > Custom User Fields and click New User Field

Fill in a name (f.e. Cheqroom Role), a shortname (f.e. cheqroom__role) and click Save

Let's say that you have set up a role Teachers in your OneLogin account and you want all the users in this role to have the Super admin role in Cheqroom. In this case, we want to configure a mapping by going to Users > Mappings and click New Mapping

Then we need to configure our mapping by giving it a name (f.e. Cheqroom Super Admins), configure a condition that will define when the Super admin role is assigned, here for the role Teachers. For the action, we choose to set our custom Cheqroom Role field to the role value that we want to use (f.e. super_admin). You can copy from the configure roles step on the OneLogin integration page. Then click Save

Similarly, add other mappings for roles that you want to assign based on certain conditions. Finally, click Reapply All Mappings assign the users to the correct role based on your mappings.

Next, go to Applications and go to the Cheqroom application

Go to the Parameters tab and click the Plus icon

Fill in cheqroom__role as Field name, select Include in SAML assertion and click Save

Then also make sure to select our custom user field Cheqroom Role as value for the newly added field and click Save

You can now test the SSO login to see if the user has a correct role assigned to them.

Did this answer your question?