Cheqroom

NOTE: We currently don't support clicking on the app tile within the IdP, users must access the <a href="https://login.cheqroom.com/" rel="nofollow noopener noreferrer" target="_blank">Cheqroom login page</a>. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.

You'll learn how to configure SSO on your Cheqroom account using SAML Idp:

<a href="#h_f5004164aa">Enable SAML integration</a>

<a href="#h_c28a7af6dc">Setup SAML IdP</a>

<a href="#h_82badfa3d9">Configuring roles</a>

- <a href="#h_f5004164aa">Enable SAML integration</a>
- <a href="#h_c28a7af6dc">Setup SAML IdP</a>
- <a href="#h_10cb6d1cb2">Test SSO</a>
- <a href="#h_82badfa3d9">Configuring roles</a>

Find the SSO SAML integration and click Configure

Choose a Default user role, this will be assigned to a user who logs in through SAML Idp SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)

Choose where your roles are sourced, this lets you choose if you want to manage the roles from SAML IdP or keep the role management in Cheqroom. More information can be found on the <a href="https://help.cheqroom.com/en/articles/5169160-configure-how-roles-are-managed-for-sso">Configure how roles are managed for SSO</a> help article.

Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e <a href="mailto:john@acme1.com" rel="nofollow noopener noreferrer" target="_blank">john@yourcompany1.com</a> and <a href="mailto:john@acme2.com" rel="nofollow noopener noreferrer" target="_blank">john@yourcompany2.com</a>), then you need to add both domains.

Click Next to proceed to the SAML IdP setup.

- Log in to your Cheqroom account
- Go to Settings
- Go to Integrations
- Find the SSO SAML integration and click Configure
- Choose a Default user role, this will be assigned to a user who logs in through SAML Idp SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)
- Choose where your roles are sourced, this lets you choose if you want to manage the roles from SAML IdP or keep the role management in Cheqroom. More information can be found on the <a href="https://help.cheqroom.com/en/articles/5169160-configure-how-roles-are-managed-for-sso">Configure how roles are managed for SSO</a> help article.
- Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e <a href="mailto:john@acme1.com" rel="nofollow noopener noreferrer" target="_blank">john@yourcompany1.com</a> and <a href="mailto:john@acme2.com" rel="nofollow noopener noreferrer" target="_blank">john@yourcompany2.com</a>), then you need to add both domains.
- Click Next to proceed to the SAML IdP setup.

Go to your IdP and add a SAML application for Cheqroom

- Go to your IdP and add a SAML application for Cheqroom

Most SAML IdP's will immediately provide a metadata file when you are creating a SAML application. but it's also possible that you will first need to add the application before you can download the IdP metadata file. Download Metadata and upload the file on the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom

- Most SAML IdP's will immediately provide a metadata file when you are creating a SAML application. but it's also possible that you will first need to add the application before you can download the IdP metadata file. Download Metadata and upload the file on the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom

The Service Provider details (ACS URL and Entity ID) can also be copied from the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom

Make sure that you configure the following attributes:

- <code>name</code>
- <code>username</code>
- <code>email</code>

Also make sure that you return a Name Identifier (NameID) in your SAML response

When you're done adding the application in your IdP, go back to the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom and click Enable SSO

- The Service Provider details (ACS URL and Entity ID) can also be copied from the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom
- Make sure that you configure the following attributes:
 - <code>name</code>
 - <code>username</code>
 - <code>email</code>
- Also make sure that you return a Name Identifier (NameID) in your SAML response
- When you're done adding the application in your IdP, go back to the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom and click Enable SSO

To make sure SSO is working properly, perform these steps:

Log out and close all Cheqroom browser sessions you have open

Go to <a href="https://login.cheqroom.com/" rel="nofollow noopener noreferrer" target="_blank">https://login.cheqroom.com</a>

You should now be redirected to your SAML IdP login page

1. Log out and close all Cheqroom browser sessions you have open
2. Go to <a href="https://login.cheqroom.com/" rel="nofollow noopener noreferrer" target="_blank">https://login.cheqroom.com</a>
3. Enter your email address
4. You should now be redirected to your SAML IdP login page
5. Enter your credentials

After entering your credentials, you should be redirected and logged in to Cheqroom.

This step is only related if you've chosen that your roles are managed from SAML IdP. More information can be found on the <a href="https://help.cheqroom.com/en/articles/5169160-configure-how-roles-are-managed-for-sso">Configure how roles are managed for SSO</a> help article.

Go to the Cheqroom application in your IdP 

Add an extra attribute (similar like adding name, email, username):

Next you will need to specific the role values on your users. You can copy paste the role values from the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom.

- Go to the Cheqroom application in your IdP 
- Add an extra attribute (similar like adding name, email, username):
 - <code>cheqroom__role</code>
- Next you will need to specific the role values on your users. You can copy paste the role values from the <a href="https://app.cheqroom.com/#admin/settings/integrations/saml" rel="nofollow noopener noreferrer" target="_blank">SAML integration page</a> in Cheqroom.

Enable SAML integration

Setup SAML IdP

Testing SSO

Configuring Roles