All Collections
Onboard your team with Cheqroom
Configuring SSO with Google
Configuring SSO with Google
Jeroen avatar
Written by Jeroen
Updated over a week ago

NOTE: We currently don't support clicking on the app tile within Google, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.

You'll learn how to configure SSO on your Cheqroom account using Google:

Enable Google integration

  • Log in to your Cheqroom account

  • Go to Settings

  • Go to Integrations

  • Find the SSO Google integration and click Configure

  • Choose a Default user role, this will be assigned to a user who logs in through Google SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)

  • Choose where your roles are sourced, this lets you choose if you want to manage the roles from Google or keep the role management in Cheqroom. More information can be found on the Configure how roles are managed for SSO help article.

  • Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@yourcompany1.com and john@yourcompany2.com), then you need to add both domains.

  • Click Next to proceed to the Google setup.

Setup Google

Log in to your Google admin console and go to Apps

Go to Web and mobile apps

Click Add App and choose Add custom SAML app

Type name of the application (f.e Cheqroom)

You can find application icons on the Google integration page in Cheqroom

Then, click Continue

Click Download Metadata and upload the file on the Google integration page in Cheqroom

Then, go back to the Google admin console and click Continue

Next, we need to provide the Service provider details. These can be copied from Google integration page in Cheqroom:

  • ACS URL

  • Entity ID

Then click Continue

Next, click Add mapping

And add a mapping for Email, firstName and lastName.

Then click Finish

Click View details to configure which users can have access to the Cheqroom application.

Choose ON for everyone and click Save.

You can also choose to only allow specific Groups or Organisational units.

⚠️ IMPORTANT ⚠️

Please note that it can take up to 24 hours before all users are allowed to login with SSO. These changes are managed by Google and not something Cheqroom can change.

Now go back to the Google integration page and click Enable SSO

Testing SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close all Cheqroom browser sessions you have open

  2. Go to https://login.cheqroom.com

  3. Enter your email address

  4. You should now be redirected to your Google login page

  5. Enter your credentials

After entering your credentials, you should be redirected and logged in to Cheqroom.

Configuring Roles

This step is only related if you've chosen that your roles are managed from Google. More information can be found on the Configure how roles are managed for SSO help article.

If you haven't added the custom Role attribute yet, please follow the steps in Part 1: Add custom attribute. Afterwards, you can follow the steps in Part 2: Assigning a role.

Part 1: Add custom attribute

First we will need to create a custom Role attribute that we can send back to the Cheqroom SAML app.

Log in to Google admin console and go to Users

Click More and then choose Manage custom attributes

Then, click Add custom attribute

For Category, we suggest that you fill in Cheqroom, this will allow you to have a clear overview of all custom attributes that are specifically added for the Cheqroom SAML application.

Next, enter the following information for the Role attribute:

  • Name: Role

  • Info type: Text

  • Visibility: Visible to user and admin

  • Number of values: Single value

Next, click Add

Next, we need to go back to the Cheqroom SAML app we've created previously. Click on the hamburger icon to open the side navigation.

Go to Apps > SAML apps

Click the Cheqroom application

Click the SAML attribute mapping section

Click Add mapping

Next, fill in the following information:

  • Google directory attributes: Role

  • App attributes: cheqroom__role

Then, click Save

Part 2: Assigning a role

Log in to Google admin console and go to Users

Go to the user details of a user you want to specific a role for in the Cheqroom application

Click the User information section

Find the Role attribute in Cheqroom section and click Add Role

For the Role value, we need to copy paste the role value from the Google Integration settings page in Cheqroom. There we copy the role value for the role we want to assign to the user (f.e super_admin).

Next we paste the copied value and click Save

If you now login with this user, he will be assigned to Super Admin role.

Why am i receiving error: app_not_configured_for_user when attempting to sign into Cheqroom?

This error occurs when attempting to login into Cheqroom while another Google account is already signed in in the browser. In most cases you will probably be logging in with your personal gmail address instead of your work address.

This issue can be resolve in several ways:

  • Sign out of Google in the browser to ensure no Google accounts are active. Go to google.com and click in to top right on the profile picture and then choose Sign out of all accounts

  • If you are using Google Chrome, you can click on the user icon in the top right and switch to your work profile

Did this answer your question?