Configure Single Sign-On in Google for CloudCheckr CMx

In this topic, you will learn how to set up Single Sign-On (SSO) with your Google account in CloudCheckr CMx.

Prerequisite

You must be an enterprise customer to use IdP-initiated SSO.


Workflow

  1. In your Google Admin console, click Apps > SAML apps.
  2. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner.

  3. Select Setup my own custom SAML App.

    The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
  4. Download the IDP metadata, and send the downloaded XML file to CloudCheckr Support.

  5. Click Next.
  6. In the Basic Application Information window, provide an application name (CloudCheckr CMx) and description.
  7. In the Service Provider Details window, choose the ACS URL, Entity ID, and Start URL that match the region you use to access CloudCheckr:

    Region

    ACS URL

    Entity ID

    Start URL

    US

    https://auth-us.cloudcheckr.com/auth/sso/saml2/Acs

    https://auth-us.cloudcheckr.com/auth

    https://app-us.cloudcheckr.com

    EU

    https://auth-eu.cloudcheckr.com/auth/sso/saml2/Acs

    https://auth-eu.cloudcheckr.com/auth

    https://app-eu.cloudcheckr.com

    AU

    https://auth-au.cloudcheckr.com/auth/sso/saml2/Acs

    https://auth-au.cloudcheckr.com/auth

    https://app-au.cloudcheckr.com

    GOV

    https://auth-gov.cloudcheckr.com/auth/sso/saml2/Acs

    https://auth-gov.cloudcheckr.com/auth

    https://app-gov.cloudcheckr.com

    Federal

    https://auth-fed.cloudcheckr.com/auth/sso/saml2/Acs

    https://auth-fed.cloudcheckr.com/auth

    https://app-fed.cloudcheckr.com

    If you are configuring SP-Initiated SSO, copy https://auth.mycompanycloud.com/auth/sso/saml2/Acs into the Assertion Consumer Service (ACS) field.
  8. In the Service Provider Details window, provide the following information:
    • NameID Format: EMAIL
    • Signed Response: Yes (checked)
  9. Click Next.

    No mappings are required.
  10. Click Finish.
  11. To turn on SSO to your new SAML App, go to your Google Admin console, and select your new SAML app.
  12. At the top of the gray box, click More Settings and select one of the following options:

    • On for everyone to turn on the service for all users (click again to confirm).
    • Off to turn off the service for all users (click again to confirm).
    • On for some organizations to change the setting only for some users.
  13. Ensure that your user account email IDs match those in your G Suite domain.

  14. Send the SAML metadata file to CloudCheckr Support.

    After Support configures your account, it will take approximately 30 minutes before you can access your account in CloudCheckr CMx.
  15. Log into your Google account.
  16. Click the applications grid on the top.
  17. Click More if CloudCheckr CMx is not seen.
  18. Click the CloudCheckr CMx icon to access CloudCheckr CMx.
  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you configured your SAML information.
  2. Attach the XML file that you downloaded in the previous procedure to your ticket.
    Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.

How did we do?