Configure Single Sign-On for Google in CloudCheckr CMx
In this topic, you will learn how to set up Single Sign-On (SSO) with your Google account in CloudCheckr CMx.
You must be an enterprise customer to use IdP-initiated SSO.
- Create a support ticket in the CloudCheckr Service Desk Portal that indicates you need to set up SAML.
- A CloudCheckr Support engineer will:
- walk you through how to generate SAML IdP metadata through your SSO provider
- validate that the authentication process is working in your environment successfully
- In your Google Admin console, click Apps > SAML apps.
- Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner.
- Select Setup my own custom SAML App. The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
- Download the IDP metadata, and send the downloaded XML file to CloudCheckr Support.
- Click Next.
- In the Basic Application Information window, provide an application name (CloudCheckr CMx) and description.
- In the Service Provider Details window, provide the following information:
If you log in to CloudCheckr CMx at https://app-eu.cloudcheckr.com, https://app-au.cloudcheckr.com, or https://app-gov.cloudcheckr.com, replace 'us' where appropriate in the following steps.ACS URL:
- For iDP-initiated SSO, type https://auth-us.cloudcheckr.com/auth/sso/saml2/Acs
- For SP-initiated SSO, type https://auth.mycompanycloud.com/auth/sso/saml2/Acs
- For iDP-initiated SSO, type https://auth-us.cloudcheckr.com/auth
- For SP-initiated SSO, type https://auth-us.cloudcheckr.com/auth
- NameID Format: EMAIL
- Signed Response: Yes (checked)
- Click Next. No mappings are required.
- Click Finish.
- To turn on SSO to your new SAML App, go to your Google Admin console, and select your new SAML app.
- At the top of the gray box, click More Settings and select one of the following options:
- On for everyone to turn on the service for all users (click again to confirm).
- Off to turn off the service for all users (click again to confirm).
- On for some organizations to change the setting only for some users.
- Ensure that your user account email IDs match those in your G Suite domain.
- Send the SAML metadata file to CloudCheckr Support. After Support configures your account, it will take approximately 30 minutes before you can access your account in CloudCheckr CMx.
- Log into your Google account.
- Click the applications grid on the top.
- Click More if CloudCheckr CMx is not seen.
- Click the CloudCheckr CMx icon to access CloudCheckr CMx.