Configure IdP-Initiated Single Sign-On in CloudCheckr

With IdP-initiated SSO, you log into CloudCheckr using a link provided by the identity provider (IdP). At this time, CloudCheckr supports the following IdP providers that are compliant with Security Assertion Markup Language (SAML) 2.0 :

  • AWS
  • Azure Active Directory
  • Google
  • Okta
  • OneLogin
  • PingOne

If your organization uses a different SSO provider than those listed, additional customizations may be required. Please contact sales for information regarding support of other SAML-compliant SSO providers.


Prerequisite: You must be an enterprise customer to use IdP-initiated SSO.
  1. Please submit a ticket to the CloudCheckr Service Desk Portal, so that a support engineer can guide you on how to:
    • generate SAML IdP metadata through your SSO provider; if you are using Azure Active Directory, provide your tenant/directory ID
    • choose a default role for new users created by SSO
    • validate that the authentication process is working in your environment successfully
      Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr users. For more information, see the User Management and User Groups topics.
  2. Click a link for instructions on how to integrate your IdP with CloudCheckr:

How did we do?