Skip to main content
All CollectionsOnboard your team with Cheqroom
Configuring SSO with Shibboleth
Configuring SSO with Shibboleth
Mateus Savaris avatar
Written by Mateus Savaris
Updated over 2 years ago

NOTE: We currently don't support clicking on the app tile within the IdP, users must access the Cheqroom login page. We recommend that you bookmark that link for faster access. This is because we only support SP-initiated SSO flow.

You'll learn how to configure SSO on your Cheqroom account using Shibboleth Idp:

Enable Shibboleth integration

  • Log in to your Cheqroom account

  • Go to Settings

  • Go to Integrations

  • Find the SSO Shibboleth integration and click Configure

  • Choose a Default user role, this will be assigned to a user who logs in through Shibboleth Idp SSO but has no assigned role. Here we recommend using a role that hasn't got a lot of permissions (for example the Equipment Viewer role)

  • Choose where your roles are sourced, this lets you choose if you want to manage the roles from Shibboleth IdP or keep the role management in Cheqroom. More information can be found on the Configure how roles are managed for SSO help article.

  • Fill in the Domains field, by default, we already add the domain of your email address. In some cases it can be that you have multiple email domains (f.e john@yourcompany1.com and john@yourcompany2.com), then you need to add both domains.

  • Click Next to proceed to the Shibboleth IdP setup.

Setup Shibboleth IdP

  • Download the Cheqroom metadata file

  • Copy the downloaded metadata (cheqroom_metadata.xml) to the following location on your IdP:
    ​%{idp.home/metadata/}

  • Add a MetadataProvider for Cheqroom in your the metadata-providers.xml file:
    ​<MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/cheqroom_metadata.xml"/>
    ​

  • Edit the attribute-filter.xml file and make sure the following attributes are configured for Cheqroom application:

    • email

    • name


    ​Also make sure that you return a Name Identifier (NameID) in your SAML response

  • Add the metadata file of your Shibboleth IdP and click Enable SSO

Testing SSO

To make sure SSO is working properly, perform these steps:

  1. Log out and close all Cheqroom browser sessions you have open

  2. Enter your email address

  3. You should now be redirected to your Shibboleth IdP login page

  4. Enter your credentials

After entering your credentials, you should be redirected and logged in to Cheqroom.

Did this answer your question?