Configure Single Sign-On for Active Directory

Follow this procedure to configure the Azure portion of the Active Directory Single Sign-On (SSO).

If you are a white label customer, we encourage you to contact your Customer Success Manager or our Support team to confirm you're properly set up before you configure Azure AD SSO.


You must complete these prerequisites before you can configure SSO for Azure Active Directory:

Follow the instructions in the Configure an Active Directory or O365 Account topic.

Azure SSO won't work with an existing CloudCheckr user's credentials.

As part of the initial SSO setup, you must create a new CloudCheckr user. If you use an existing CloudCheckr user that wasn't created in SSO, you will get an error message.

Follow these steps before you attempt to sign in:

  1. In CloudCheckr, delete the existing user and note the user's configuration and permissions.

    (Admin user must perform this step.)

  2. Launch CloudCheckr via SSO using the CloudCheckr application on to recreate the CloudCheckr user account.
  3. Return to CloudCheckr to configure or modify the user's access in more detail.

    (Admin user must perform this step.)

    Once you complete these steps, you can no longer access CloudCheckr from the CloudCheckr login page; you will be required to access CloudCheckr via Azure Active Directory SSO.


  1. Log in to the Azure portal.
  2. From the left navbar, click Azure Active Directory.
  3. In the Manage section of the Azure Active Directory blade, click Enterprise applications.
  4. Click New application.
  5. Select Non-gallery application.
  6. In the Name text field, type CloudCheckr
  7. From the bottom of the page, click Add.
  1. From the CloudCheckr - Quick start screen, select Assign a user for testing (required).

    The Users and Groups blade opens.

  2. Click Add user.

    The Add Assignment blade opens.

  3. Select Users.

    A list of users displays.

  4. Select a user from the list and click Select.
  5. In the Add Assignment blade, click Assign.
  6. Close any open blades and return to the CloudCheckr - Quick start screen.
  7. Select Create your test user in CloudCheckr (required).
    The Provisioning blade opens.
  8. Verify that the provisioning mode is set to Manual.
  9. Click Save and close the blade.
  1. From the CloudCheckr - Quick start screen, click Configure single sign-on (required).
    If you log in to CloudCheckr at,,, or, use one of those URLs in place of in the following steps.
  2. From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
  3. In the Identifier text field:
    • For iDP-initiated SSO, type
    • For SP-initiated SSO, type
  4. In the Reply URL text field:
    • For iDP-initiated SSO, type
    • For SP-initiated SSO, type
  5. Select the Show advanced URL settings check box.
  6. In the Sign-on URL text field:
    • For iDP-initiated SSO, type
    • For SP-initiated SSO, type
  7. Click Save.

    Here is an example of what a completed SSO configuration would look like:

  8. Once the Enterprise application setup is complete, you can log in to and select CloudCheckr from the list of applications.

How did we do?