Configure Single Sign-On for Azure Active Directory in CloudCheckr CMx
Follow this procedure to configure the Azure portion of the Active Directory Single Sign-On (SSO) for CloudCheckr CMx.
You must be an enterprise customer to use IdP-initiated SSO.
- Create a support ticket in the CloudCheckr Service Desk Portal that indicates you need to set up SAML.
- A CloudCheckr Support engineer will:
- walk you through how to generate SAML IdP metadata through your SSO provider
- validate that the authentication process is working in your environment successfully
- Log in to the Azure portal.
- From the left navbar, click Azure Active Directory.
- In the Manage section of the Azure Active Directory blade, click Enterprise applications.
- Click New application.
- Select Non-gallery application.
- In the Name text field, type CloudCheckr CMx
- From the bottom of the page, click Add.
- From the CloudCheckr CMx - Quick start screen, select Assign a user for testing (required). The Users and Groups blade opens.
- Click Add user.
The Add Assignment blade opens.
- Select Users.
A list of users displays.
- Select a user from the list and click Select.
- In the Add Assignment blade, click Assign.
- Close any open blades and return to the CloudCheckr CMx - Quick start screen.
- Select Create your test user in CloudCheckr (required).
The Provisioning blade opens.
- Verify that the provisioning mode is set to Manual.
- Click Save and close the blade.
- From the CloudCheckr CMx - Quick start screen, click Configure single sign-on (required).
If you log in to CloudCheckr CMx at https://app-eu.cloudcheckr.com, https://app-au.cloudcheckr.com, https://app-gov.cloudcheckr.com, or https://app-fed.cloudcheckr.com, update the URLs accordingly in the following steps.
- From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
- In the Identifier text field:
- For iDP-initiated SSO, type https://auth-us.cloudcheckr.com/auth
- For SP-initiated SSO, type https://auth.mycompanycloud.com/auth
- In the Reply URL text field:
- For iDP-initiated SSO, type https://auth-us.cloudcheckr.com/auth/sso/saml2/Acs
- For SP-initiated SSO, type https://auth.mycompanycloud.com/auth/sso/saml2/Acs
- Select the Show advanced URL settings check box.
- SP-initiated SSO ONLY - In the Sign-on URL text field, type https://auth.mycompanycloud.com/auth
- Click Save.
Here is an example of what a completed SSO configuration would look like:
- Once the Enterprise application setup is complete, you can log in to https://myapps.microsoft.com and select CloudCheckr CMx from the list of applications.
- Please contact Support directly to ensure your CloudCheckr CMx account is properly configured to allow access to Azure Active Directory.