Configure Single Sign-On for OneLogin in CloudCheckr CMx

In this topic, you will learn how to set up SSO with your OneLogin account by configuring:

  • OneLogin (the Identity Provider or IdP)
  • CloudCheckr CMx (the Service Provider or SP)

Prerequisite

You must be an enterprise customer to use IdP-initiated SSO.


Workflow

  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you need to set up SAML.
  2. A CloudCheckr Support engineer will:
    • walk you through how to generate SAML IdP metadata through your SSO provider
    • validate that the authentication process is working in your environment successfully
      Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.
  1. From your OneLogin landing page, select the New App button or from the App drop-down menu, select Add Apps.
  2. On the Search page, type CloudCheckr in the search text field.
  3. From the search results, click CloudCheckr Multi.

    The portal page opens.

  4. Click Save from the top right of the page.

    he configuration page opens.

  5. Select the Configuration tab and provide the following information:
    If you log in to CloudCheckr at https://eu.cloudcheckr.com, https://au.cloudcheckr.com, https://gov.cloudcheckr.com, or https://fed.cloudcheckr.com, use one of those URLs in place of https://app.cloudcheckr.com in the following steps.
    Consumer URL:
    • For iDP-initiated SSO, type https://auth-us.cloudcheckr.com/auth/sso/saml2/Acs
    • For SP-initiated SSO, type https://auth.mycompanycloud.com/sso/acs
    Audience:
    • For iDP-initiated SSO, type https://auth-us.cloudcheckr.com/auth
    • For SP-initiated SSO, type https://auth.mycompanycloud.com
  6. Provide a valid email address for each user that will be logging into CloudCheckr by selecting the user from the list, and entering the correct email for the CloudCheckr account you have configured.
  7. Click Save.
  8. On the SSO tab, select View Details below the x.509 certificate.
  9. Click Copy to Clipboard to copy the entire certificate and paste it into your reference document.
  10. Copy the issuer URL and the SAML endpoint, which will be used to configure your SSO in CloudCheckr.
  11. Click Save.
  1. Please contact Support to ensure your CloudCheckr CMx account is properly configured to allow access via OneLogin.

How did we do?