Configure Single Sign-On for PingOne in CloudCheckr CMx

In this topic, you will learn how to set up Single Sign-On (SSO) with your PingOne account in CloudCheckr CMx by configuring:

  • PingOne (the Identity Provider or IdP)
  • CloudCheckr CMx (the Service Provider or SP)


You must be an enterprise customer to use IdP-initiated SSO.


  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you need to set up SAML.
  2. A CloudCheckr Support engineer will:
    • walk you through how to generate SAML IdP metadata through your SSO provider
    • validate that the authentication process is working in your environment successfully
      Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.
If you log in to CloudCheckr CMx at,, or, replace 'us' accordingly in the URLs included in the following steps.
  1. In your Administration console, go to the Applications tab, click the Add Application button, and select New SAML Application option.

  2. Type CloudCheckr CMx in the App name text field and type CloudCheckr CMx Cloud Management Platform in the Application Description text field.

  3. Configure the following SAML settings:
    1. Protocol Version: SAML v 2.0
    2. Assertion Consumer Service (ACS):
      • For iDP-initiated SSO, type
      • For SP-initiated SSO, type
    3. Entity ID:
      • For iDP-initiated SSO, type
      • For SP-initiated SSO, type
  4. Skip the SSO Attribute Mapping step; no changes are required.
  5. Click Save & Publish.

  6. On the Review Setup page, click the Download to download an XML file that contains the metadata from SAML, which CloudCheckr requires to complete the setup.

  7. Click Finish.

    CloudCheckr CMx is now listed in the My Applications list.

    The user will also see it in their CloudDesktop.
  1. Please contact Support directly to ensure your CloudCheckr CMx account is properly configured to allow access via PingOne.

How did we do?