NOTE: We currently don't support clicking on the app tile within Google, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.
You'll learn how to configure SSO on your Cheqroom account using Google:
Enable Google integration
Log in to your Cheqroom account
Go to Settings
Go to Integrations
Find the SSO Google integration and click Configure
Choose a Default user role, this will be assigned to a user who logs in through Google SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
Choose where your roles are sourced, this lets you choose if you want to manage the roles from Google or keep the role management in Cheqroom. More information can be found on the Configure how roles are managed for SSO help article.
Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@yourcompany1.com and john@yourcompany2.com), then you need to add both domains.
Click Next to proceed to the Google setup.
Setup Google
Log in to your Google admin console and go to Apps
Go to Web and mobile apps
Click Add App and choose Add custom SAML app
Type name of the application (f.e Cheqroom)
You can find application icons on the Google integration page in Cheqroom
Then, click Continue
Click Download Metadata and upload the file on the Google integration page in Cheqroom
Then, go back to the Google admin console and click Continue
Next, we need to provide the Service provider details. These can be copied from Google integration page in Cheqroom:
ACS URL
Entity ID
Then click Continue
Next, click Add mapping
And add a mapping for Email, firstName and lastName.
Then click Finish
Click View details to configure which users can have access to the Cheqroom application.
Choose ON for everyone and click Save.
You can also choose to only allow specific Groups or Organisational units.
⚠️ IMPORTANT ⚠️
Please note that it can take up to 24 hours before all users are allowed to login with SSO. These changes are managed by Google and not something Cheqroom can change.
Now go back to the Google integration page and click Enable SSO
Testing SSO
To make sure SSO is working properly, perform these steps:
Log out and close all Cheqroom browser sessions you have open
Enter your email address
You should now be redirected to your Google login page
Enter your credentials
After entering your credentials, you should be redirected and logged in to Cheqroom.
Configuring Roles
This step is only related if you've chosen that your roles are managed from Google. More information can be found on the Configure how roles are managed for SSO help article.
If you haven't added the custom Role attribute yet, please follow the steps in Part 1: Add custom attribute. Afterwards, you can follow the steps in Part 2: Assigning a role.
Part 1: Add custom attribute
First we will need to create a custom Role attribute that we can send back to the Cheqroom SAML app.
Log in to Google admin console and go to Users
Click More and then choose Manage custom attributes
Then, click Add custom attribute
For Category, we suggest that you fill in Cheqroom, this will allow you to have a clear overview of all custom attributes that are specifically added for the Cheqroom SAML application.
Next, enter the following information for the Role attribute:
Name: Role
Info type: Text
Visibility: Visible to user and admin
Number of values: Single value
Next, click Add
Next, we need to go back to the Cheqroom SAML app we've created previously. Click on the hamburger icon to open the side navigation.
Go to Apps > SAML apps
Click the Cheqroom application
Click the SAML attribute mapping section
Click Add mapping
Next, fill in the following information:
Google directory attributes: Role
App attributes: cheqroom__role
Then, click Save
Part 2: Assigning a role
Log in to Google admin console and go to Users
Go to the user details of a user you want to specific a role for in the Cheqroom application
Click the User information section
Find the Role attribute in Cheqroom section and click Add Role
For the Role value, we need to copy paste the role value from the Google Integration settings page in Cheqroom. There we copy the role value for the role we want to assign to the user (f.e super_admin).
Next we paste the copied value and click Save
If you now login with this user, he will be assigned to Super Admin role.
Why am i receiving error: app_not_configured_for_user when attempting to sign into Cheqroom?
This error occurs when attempting to login into Cheqroom while another Google account is already signed in in the browser. In most cases you will probably be logging in with your personal gmail address instead of your work address.
This issue can be resolve in several ways:
Sign out of Google in the browser to ensure no Google accounts are active. Go to google.com and click in to top right on the profile picture and then choose Sign out of all accounts
If you are using Google Chrome, you can click on the user icon in the top right and switch to your work profile