Configure Single Sign-On for Google in CloudCheckr

In this topic, you will learn how to set up SSO with your Google account.

  1. In your Google Admin console, click Apps > SAML apps.
  2. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner.

  3. Select Setup my own custom SAML App.

    The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
  4. Download the IDP metadata, and send the downloaded XML file to CloudCheckr Support.

  5. Click Next.
  6. In the Basic Application Information window, provide an application name and description.
  7. In the Service Provider Details window, provide the following information:
    If you log in to CloudCheckr at https://eu.cloudcheckr.com, https://au.cloudcheckr.com, https://gov.cloudcheckr.com, or https://fed.cloudcheckr.com, use one of those URLs in place of https://app.cloudcheckr.com in the following steps.
    ACS URL:
    • For iDP-initiated SSO, type https://app.cloudcheckr.com/sso/acs
    • For SP-initiated SSO, type https://mycompanyscloud.mycompany.com/sso/acs

    Entity ID:
    • For iDP-initiated SSO, type https://app.cloudcheckr.com
    • For SP-initiated SSO, type https://mycompanyscloud.mycompany.com

    Start URL:
    • For iDP-initiated SSO, type https://app.cloudcheckr.com
    • For SP-initiated SSO, type https://mycompanyscloud.mycompany.com

    NameID: Basic Information - Primary Email
    • NameID Format: EMAIL
    • Signed Response: Yes (checked)
  8. Click Next.

    No mappings are required.
  9. Click Finish.
  10. To turn on SSO to your new SAML App, go to your Google Admin console, and select your new SAML app.
  11. At the top of the gray box, click More Settings and select one of the following options:

    • On for everyone to turn on the service for all users (click again to confirm).
    • Off to turn off the service for all users (click again to confirm).
    • On for some organizations to change the setting only for some users.
  12. Ensure that your user account email IDs match those in your G Suite domain.

  13. Send the SAML metadata file to CloudCheckr Support.

    After Support configures your account, it will take approximately 30 minutes before you can access your account in CloudCheckr.
  14. Log into your Google account.
  15. Click the applications grid on the top.
  16. Click More if CloudCheckr access is not seen.
  17. Click the CloudCheckr icon to access CloudCheckr.

How did we do?