Configure Single Sign-On in PingOne for CloudCheckr CMx

In this topic, you will learn how to set up Single Sign-On (SSO) with your PingOne account in CloudCheckr CMx by configuring:

  • PingOne (the Identity Provider or IdP)
  • CloudCheckr CMx (the Service Provider or SP)

Workflow

  1. In your Administration console, go to the Applications tab, click the Add Application button, and select New SAML Application option.
  2. In the App name text field, type CloudCheckr CMx
  3. In the Application Description text field, type CloudCheckr CMx Cloud Management Platform
  4. For the Protocol version, select SAML v 2.0.
  5. If you are configuring iDP-initiated SSO, copy the URL corresponding to your CloudCheckr CMx region and paste it into the Assertion Consumer Service (ACS) field:

    Region

    URL

    US Production (https://app-us.cloudcheckr.com)

    https://auth-us.cloudcheckr.com/auth/sso/saml2/Acs

    Europe (https://app-eu.cloudcheckr.com)

    https://auth-eu.cloudcheckr.com/auth/sso/saml2/Acs

    Australia (https://app-au.cloudcheckr.com)

    https://auth-au.cloudcheckr.com/auth/sso/saml2/Acs

    Gov (https://app-gov.cloudcheckr.com)

    https://auth-gov.cloudcheckr.com/auth/sso/saml2/Acs

    Federal (https://app-fed.cloudcheckr.com)

    https://auth-fed.cloudcheckr.com/auth/sso/saml2/Acs

    If you are configuring SP-Initiated SSO, copy https://auth.mycompanycloud.com/auth/sso/saml2/Acs into the Assertion Consumer Service (ACS) field.
  6. If you are configuring iDP-initiated SSO, copy the URL corresponding to your CloudCheckr CMx region and paste it into the Entity ID field:

    Region

    URL

    US Production (https://app-us.cloudcheckr.com)

    https://auth-us.cloudcheckr.com/auth

    Europe (https://app-eu.cloudcheckr.com)

    https://auth-eu.cloudcheckr.com/auth

    Australia (https://app-au.cloudcheckr.com)

    https://auth-au.cloudcheckr.com/auth

    Gov (https://app-gov.cloudcheckr.com)

    https://auth-gov.cloudcheckr.com/auth

    Federal (https://app-fed.cloudcheckr.com)

    https://auth-fed.cloudcheckr.com/auth

    If you are configuring SP-Initiated SSO, copy https://auth.mycompanycloud.com/auth/ into the Entity ID field and replace mycompanycloud.com/auth/ with the name of your organization.
  7. Skip the SSO Attribute Mapping step; no changes are required.
  8. Click Save & Publish.
  9. On the Review Setup page, click Download to download the XML file that contains the SAML metadata to your desktop.
  10. Click Finish.

    PingOne should display CloudCheckr CMx in My Applications list, and the user will also see it in their CloudDesktop.

  1. Create a support ticket in the CloudCheckr Service Desk Portal that indicates you configured your SAML information.
  2. Attach the XML file that you downloaded in the previous procedure to your ticket.
    Although CloudCheckr will provision your users for the first-time logon, your organization must enable specific permissions and account access for your CloudCheckr CMx users. For more information, see the Access Management and Roles topics.

How did we do?