All Collections
Onboard your team with Cheqroom
Configure how roles are managed for SSO
Configure how roles are managed for SSO

Manage the roles from the Identity Provider (e.g. OneLogin, Azure AD, ADFS, Okta, Google, SAML IdP) or keep the role management in Cheqroom

Jeroen avatar
Written by Jeroen
Updated over a week ago

The role management option lets you choose if you want to manage the roles from the Identity Provider (e.g. OneLogin, Azure AD, ADFS, Okta, Google, SAML IdP) or keep the role management in Cheqroom.

In some cases it’s useful to keep the role management in Cheqroom itself so there’s no need to contact your company's IT Administrator to change the role of specific user(s).

Option 1: Identity Provider (e.g. OneLogin, Azure AD, ADFS, Okta, Google, SAML IdP)

When roles are managed through the Identity Provider than the following logic is used:

New and existing users

The role of user will be updated on every login through SSO.

  • If the Identity Provider doesn’t return a role or an invalid role for the user, he will be assigned the default role.

    Any existing role he already has assigned in Cheqroom will be overwritten.

  • If the Identity Provider does return a role for the user, that role will be assigned to the user

Please check the list below to configure roles for an specific Identity Provider:

Option 2: Cheqroom

When roles are managed through Cheqroom than the following logic is used:

New users

Existing users

New users first need to login through SSO and then you will be able to manage their roles.

Newly created users will be assigned the selected default role when they log in for the first time through SSO.

You can immediately manage their roles in Cheqroom

Remark: If you used the Identity Provider option previously the role claim will always be ignored

More information can be found in the How can I modify the user role of any existing user? help article

Did this answer your question?