Configure Single Sign-On for Azure Active Directory in CloudCheckr CMx

Follow this procedure to configure the Azure portion of the Active Directory Single Sign-On (SSO) for CloudCheckr CMx.

If you are a white label customer, we encourage you to contact your Customer Success Manager or our Support team to confirm you're properly set up before you configure Azure Active Directory SSO.


You must be an enterprise customer to use IdP-initiated SSO.


  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you need to set up SAML.
  2. A CloudCheckr Support engineer will:
    • walk you through how to generate SAML IdP metadata through your SSO provider
    • validate that the authentication process is working in your environment successfully
      Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.
  1. Log in to the Azure portal.
  2. From the left navbar, click Azure Active Directory.
  3. In the Manage section of the Azure Active Directory blade, click Enterprise applications.
  4. Click New application.
  5. Select Non-gallery application.
  6. In the Name text field, type CloudCheckr CMx
  7. From the bottom of the page, click Add.
  1. From the CloudCheckr CMx - Quick start screen, select Assign a user for testing (required).
    The Users and Groups blade opens.
  2. Click Add user.
    The Add Assignment blade opens.
  3. Select Users.
    A list of users displays.
  4. Select a user from the list and click Select.
  5. In the Add Assignment blade, click Assign.
  6. Close any open blades and return to the CloudCheckr CMx - Quick start screen.
  7. Select Create your test user in CloudCheckr (required).
    The Provisioning blade opens.
  8. Verify that the provisioning mode is set to Manual.
  9. Click Save and close the blade.
  1. From the CloudCheckr CMx - Quick start screen, click Configure single sign-on (required).
    If you log in to CloudCheckr CMx at,,, or, update the URLs accordingly in the following steps.
  2. From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
  3. In the Identifier text field:
    • For iDP-initiated SSO, type
    • For SP-initiated SSO, type
  4. In the Reply URL text field:
    • For iDP-initiated SSO, type
    • For SP-initiated SSO, type
  5. Select the Show advanced URL settings check box.
  6. SP-initiated SSO ONLY - In the Sign-on URL text field, type
  7. Click Save.
    Here is an example of what a completed SSO configuration would look like:
  8. Once the Enterprise application setup is complete, you can log in to and select CloudCheckr CMx from the list of applications.
  9. Please contact Support directly to ensure your CloudCheckr CMx account is properly configured to allow access to Azure Active Directory.

How did we do?