Configure Single Sign-On for Active Directory

Follow this procedure to configure the Azure portion of the Active Directory Single Sign-On instructions.

To learn how to configure the CloudCheckr portion for Azure Active Directory, review the instructions for the legacy or new app registrations.

Azure Single Sign-On will not work with the credentials of an existing CloudCheckr user.

As part of the initial SSO sign-on procedure, Azure Active Directory needs to create a user in CloudCheckr. If you use an existing user from a CloudCheckr account that was not created in SSO, you will get an error message.

Follow these steps before you attempt to sign in:

  1. Delete the existing user in CloudCheckr. Make note of the user's configuration and permissions for later use. (Admin user must perform this step.)
  2. Access CloudCheckr via SSO using the CloudCheckr application on to recreate the CloudCheckr user account.
  3. Return to CloudCheckr to configure or modify the user's access in more detail. (Admin user must perform this step.)

When these steps are complete, you will no longer be able to access CloudCheckr directly from the CloudCheckr login page and must access CloudCheckr via Azure Active Directory SSO.


  1. Log in to the Azure portal.
    The Microsoft Azure Dashboard opens.
  2. On the left navbar, click Azure Active Directory.
    The Azure Active Directory blade opens.
  3. In the Manage section, click Enterprise applications.
    The Enterprise applications blade opens.
  4. Click New application.
    The Add an application blade opens.
  5. Select Non-gallery application.
    The Add your own application blade opens.
  6. In the Name text field, type CloudCheckr.
  7. From the bottom of the page, click Add.
    The CloudCheckr - Quick start screen opens.
  8. Select Assign a user for testing (required).
    The Users and Groups blade opens.
  9. Click Add user.
    The Add Assignment blade opens.
  10. Select Users.
    A list of users displays.
  11. Select a user from the list and click Select.
  12. In the Add Assignment blade, click Assign.
  13. Close any open blades and return to the CloudCheckr - Quick start screen.
  14. Select Create your test user in CloudCheckr (required).
    The Provisioning blade opens.
  15. Verify that the provisioning mode is set to Manual.
  16. Click Save and close the blade to return to the CloudCheckr - Quick start screen.
  17. Click Configure single sign-on (required).
  18. Perform the following actions:
    If you log in to CloudCheckr at or, be sure to use that URL in place of in the following steps.
    1. From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
    2. In the Identifier text field:
      • For IdP-initiated SSO, type
      • For SP-initiated SSO, type
    3. In the Reply URL text field:
      • For IdP-initiated SSO, type
      • For SP-initiated SSO, type
    4. Select the Show advanced URL settings check box.
    5. In the Sign-on URL text field:
      • For IdP-initiated SSO, type
      • For SP-initiated SSO, type
    6. Click Save.
  19. Once the Enterprise application setup is complete, you can log into and select CloudCheckr from the list of applications.
