SSO – Single Sign-On Setup: Azure

Follow this procedure to configure the Azure portion of Azure Active Directory Single Sign-On.

For instructions on how to configure the CloudCheckr portion for Azure Active Directory, review the Microsoft Azure Configuration – Active Directory/O365 Accounts topic.

Azure Single Sign-On will not work with the credentials of an existing CloudCheckr user.

As part of the initial SSO sign-in procedure, Azure Active Directory needs to create a user in CloudCheckr. If you use an existing user from a CloudCheckr account that was not created in SSO, you will get an error message.

Follow these steps before you attempt to sign in:

  1. Delete the existing user in CloudCheckr. Make note of the user's configuration and permissions for later use. (Admin user must perform this step.)

  2. Access CloudCheckr via SSO using the CloudCheckr application on https://myapps.microsoft.com to recreate the CloudCheckr user account.
  3. Return to CloudCheckr to configure or modify the user's access in more detail. (Admin user must perform this step.)

When these steps are complete, you will no longer be able to access CloudCheckr directly from the CloudCheckr login page and must access CloudCheckr via Azure Active Directory SSO.


Procedure

  1. Log in to the Azure portal.

    The Microsoft Azure Dashboard opens.

  2. On the left navbar, click Azure Active Directory.

    The Azure Active Directory blade opens.

  3. In the Manage section, click Enterprise applications.

    The Enterprise applications blade opens.

  4. Click New application.

    The Add an application blade opens.

  5. Select Non-gallery application.

    The Add your own application blade opens.

  6. In the Name text field, type CloudCheckr
  7. From the bottom of the page, click Add.

    The CloudCheckr - Quick start screen opens.

  8. Select Assign a user for testing (required).

    The Users and Groups blade opens.

  9. Click Add user.

    The Add Assignment blade opens.

  10. Select Users.

    A list of users displays.

  11. Select a user from the list and click Select.

  12. In the Add Assignment blade, click Assign.
  13. Close any open blades and return to the CloudCheckr - Quick start screen.
  14. Select Create your test user in CloudCheckr (required).

    The Provisioning blade opens.

  15. Verify that the provisioning mode is set to Manual.

  16. Click Save and close the blade to return to the CloudCheckr - Quick start screen.

  17. Click Configure single sign-on (required).

  18. Perform the following actions:

    1. From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
    2. In the Identifier text field:
      • For IdP-initiated SSO, type https://app.cloudcheckr.com/AzureAD/AzureSSO_SignIn
      • For SP-initiated SSO, type https://mycompanyscloud.mycompany.com/AzureAD/AzureSSO_SignIn
    3. In the Reply URL text field:
      • For IdP-initiated SSO, type https://app.cloudcheckr.com/LogOn/LogOnAzureSSO
      • For SP-initiated SSO, type https://mycompanyscloud.mycompany.com/LogOn/LogOnAzureSSO
    4. Select the Show advanced URL settings check box.
    5. In the Sign-on URL text field:
      • For IdP-initiated SSO, type https://app.cloudcheckr.com/AzureAD/AzureSSO_SignIn
      • For SP-initiated SSO, type https://mycompanyscloud.mycompany.com/AzureAD/AzureSSO_SignIn
    6. Click Save.

  19. Once the Enterprise application setup is complete, you can log in to https://myapps.microsoft.com and select CloudCheckr from the list of applications.
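
The three values entered in step 18 must agree on scheme, host, and path, and a mistyped Reply URL is the field that decides where the signed SAML response is delivered. The following pre-flight check is an added example, not CloudCheckr or Microsoft tooling; the function name check_saml_settings and the exact-match rule on host and path are assumptions made for illustration, and the sample values are constructed from the URLs in step 18.

```python
from urllib.parse import urlsplit

# Paths and default host as given in step 18 of the procedure.
SIGN_IN_PATH = "/AzureAD/AzureSSO_SignIn"
REPLY_PATH = "/LogOn/LogOnAzureSSO"
IDP_INITIATED_HOST = "app.cloudcheckr.com"


def check_saml_settings(identifier, reply_url, sign_on_url, sp_host=None):
    """Return a list of problems; an empty list means the values are consistent.

    sp_host is the custom host used for SP-initiated SSO (hypothetical
    parameter); leave it as None for IdP-initiated SSO.
    """
    expected_host = (sp_host or IDP_INITIATED_HOST).lower()
    fields = {
        "Identifier": (identifier, SIGN_IN_PATH),
        "Reply URL": (reply_url, REPLY_PATH),
        "Sign-on URL": (sign_on_url, SIGN_IN_PATH),
    }
    problems = []
    for name, (value, expected_path) in fields.items():
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        url = urlsplit(value.strip())
        if url.scheme != "https":
            problems.append(f"{name}: scheme is {url.scheme!r}, expected https")
        # Comparing the whole netloc also rejects userinfo and explicit ports.
        if url.netloc.lower() != expected_host:
            problems.append(f"{name}: host is {url.netloc!r}, expected {expected_host!r}")
        if url.path != expected_path:
            problems.append(f"{name}: path is {url.path!r}, expected {expected_path!r}")
        if url.query or url.fragment:
            problems.append(f"{name}: unexpected query string or fragment")
    if identifier.strip() != sign_on_url.strip():
        problems.append("Identifier and Sign-on URL differ")
    return problems


if __name__ == "__main__":
    # Constructed input: IdP-initiated values with the Reply URL typed as http.
    sign_in = "https://app.cloudcheckr.com/AzureAD/AzureSSO_SignIn"
    for line in check_saml_settings(
        sign_in, "http://app.cloudcheckr.com/LogOn/LogOnAzureSSO", sign_in
    ):
        print(line)
```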
