Configure Single Sign-On for Okta in CloudCheckr CMx

In this topic, you will learn how to set up Single Sign-On (SSO) for your Okta account in CloudCheckr CMx by configuring:

  • Okta (the Identity Provider or IdP)
  • CloudCheckr CMx (the Service Provider or SP)


You must be an enterprise customer to use IdP-initiated SSO.


In the steps that prompt you for the app name, replace the default with:
  • if you are a customer based in Europe
  • if you are a customer based in Asia or Australia
  • if you are a GovCloud customer
  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you need to set up SAML.
  2. A CloudCheckr Support engineer will:
    • walk you through how to generate SAML IdP metadata through your SSO provider
    • validate that the authentication process is working in your environment successfully
      Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.
  1. In your Administration console, go to Applications tab, and click Create New App.
  2. Select the SAML 2.0 option.
  3. Under General Settings, go to the App name text field and type CloudCheckr CMx
  4. Configure the following SAML settings:
    1. Single Sign-On URL:
      • For iDP-initiated SSO, type
      • For SP-initiated SSO, type
    2. Recipient URL and Destination URL: Yes
    3. Audience URI (SP Entity ID):
      • For iDP-initiated SSO, type
      • For SP-initiated SSO, type
    4. Name ID format: EmailAddress
    5. Default username: Email
    6. Response: Signed
    7. Assertion: Signed
    8. Authentication context class: X.509 Certificate
    9. Request compression: Compressed
  5. On the Sign On tab of the new application, click the Identity Provider metadata link to download an XML file that contains the metadata from Okta that CloudCheckr CMx requires to complete the setup.
  6. On the People tab, click the Assign Application button to select the link that users will see when they log onto CloudCheckr CMx.
    Email addresses as SSO usernames are required, so if your users do not have email, you must provide an email address.
  1. Please email Support to ensure your CloudCheckr account is properly configured to allow access via Okta.

How did we do?