Configure Single Sign-On for Azure Active Directory in CloudCheckr

Azure Active Directory is now Microsoft Entra. Although these instructions state Azure Active Directory, they still apply for Microsoft Entra.

In this topic, you will learn how to set up Single Sign-On (SSO) with your Azure Active Directory account by configuring:

  • Azure Active Directory (the Identity Provider or IdP)
  • CloudCheckr (the Service Provider or SP)
If you are a white label customer, we encourage you to contact your Customer Success Manager or our Support team to confirm you're properly set up before you configure Azure Active Directory SSO.

Procedure

  1. Log in to the Azure portal.
  2. From the left navbar, click Azure Active Directory.
  3. In the Manage section of the Azure Active Directory blade, click Enterprise applications.
  4. Click New application.
  5. Select Non-gallery application.
  6. In the Name text field, type CloudCheckr.
  7. From the bottom of the page, click Add.
  1. From the CloudCheckr - Quick start screen, select Assign a user for testing (required).

    The Users and Groups blade opens.

  2. Click Add user.

    The Add Assignment blade opens.

  3. Select Users.

    A list of users displays.

  4. Select a user from the list and click Select.
  5. In the Add Assignment blade, click Assign.
  6. Close any open blades and return to the CloudCheckr - Quick start screen.
  7. Select Create your test user in CloudCheckr (required).
    The Provisioning blade opens.
  8. Verify that the provisioning mode is set to Manual.
  9. Click Save and close the blade.

In the steps that prompt you to type a URL, make sure to replace the word region with the name of the region where your platform is deployed:

Platform Region
US Production app
Europe eu
Australia au
Gov gov
Fed fed
  1. From the CloudCheckr - Quick start screen, click Configure single sign-on (required).
  2. From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
  3. Go to the Identifier text field and type the URL that is appropriate for your SSO configuration:

    iDP-initiated SSO?

    (Not White-Labeled)

    SP-initiated SSO?

    (White-Labeled)

    Type this URL:

    https://region.cloudcheckr.com/AzureAD/AzureSSO_SignIn

    https://white-labeled-url/AzureAD/AzureSSO_SignIn

  4. Go to the Reply URL text field and type the URL that is appropriate for your SSO configuration:

    iDP-initiated SSO?

    (Not White-Labeled)

    SP-initiated SSO?

    (White-Labeled)

    Type this URL:

    https://region.cloudcheckr.com/AzureAD/AzureSSO_SignIn

    https://white-labeled-url/AzureAD/AzureSSO_SignIn

  5. Select the Show advanced URL settings check box.
  6. Go to the Sign On URL text field and type the URL that is appropriate for your SSO configuration:

    iDP-initiated SSO?

    (Not White-Labeled)

    SP-initiated SSO?

    (White-Labeled)

    Type this URL:

    https://region.cloudcheckr.com/AzureAD/AzureSSO_SignIn

    https://white-labeled-url/AzureAD/AzureSSO_SignIn

    This URL could be a subdomain on CloudCheckr’s domain, or the customers domain.
  7. Click Save.

    Here is an example of what a completed SSO configuration would look like for a customer who is not white-labeled:

    Here is an example of what a completed SSO configuration would look like for a white-labeled customer:

  8. Once the Enterprise application setup is complete, you can log in to myapps.microsoft.com and select CloudCheckr from the list of applications.
  9. Please contact Support directly to ensure your CloudCheckr account is properly configured to allow access to Azure Active Directory.

How did we do?