Configure Single Sign-On in OneLogin for CloudCheckr CMx

In this topic, you will learn how to set up SSO with your OneLogin account by configuring:

  • OneLogin (the Identity Provider or IdP)
  • CloudCheckr CMx (the Service Provider or SP)

Prerequisite

You must be an enterprise customer to use IdP-initiated SSO.


Workflow

  1. From your OneLogin landing page, select the New App button or from the App drop-down menu, select Add Apps.
  2. On the Search page, type CloudCheckr in the search text field.
  3. From the search results, click CloudCheckr Multi.

    The portal page opens.

  4. Click Save from the top right of the page.

    he configuration page opens.

  5. Select the Configuration tab.
  6. Choose the Consumer URL and Audience that match the AWS region you use to access CloudCheckr:

    Region

    Consumer URL

    Audience

    US

    https://app-us.cloudcheckr.com/auth/sso/saml2/Acs

    https://app-us.cloudcheckr.com/auth

    EU

    https://app-eu.cloudcheckr.com/auth/sso/saml2/Acs

    https://app-eu.cloudcheckr.com/auth

    AU

    https://app-au.cloudcheckr.com/auth/sso/saml2/Acs

    https://app-au.cloudcheckr.com/auth

    GOV

    https://app-gov.cloudcheckr.com/auth/sso/saml2/Acs

    https://app-gov.cloudcheckr.com/auth

    Federal

    https://app-fed.cloudcheckr.com/auth/sso/saml2/Acs

    https://app-fed.cloudcheckr.com/auth

  7. Provide a valid email address for each user that will be logging into CloudCheckr by selecting the user from the list, and entering the correct email for the CloudCheckr account you have configured.
  8. Click Save.
  9. On the SSO tab, select View Details below the x.509 certificate.
  10. Click Copy to Clipboard to copy the entire certificate and paste it into your reference document.
  11. Copy the issuer URL and the SAML endpoint, which will be used to configure your SSO in CloudCheckr.
  12. Click Save.
  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you configured your SAML information.
  2. Attach the XML file that you downloaded in the previous procedure to your ticket.
    Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.

How did we do?