Follow this procedure to configure the Azure portion of the Azure Active Directory Single Sign-On instructions.
For instructions on how to configure the CloudCheckr portion for Azure Active Directory, review the Microsoft Azure Configuration — Active Directory/O365 Accounts topic.
- Login to the Azure portal.
- On the left navbar, click Azure Active Directory.
- In the Manage Section, click Enterprise applications.
- Click New application.
The Add an application blade opens.
- Select Non-gallery application.
The Add your own application blade opens.
- In the Name text field, type CloudCheckr
- From the bottom of the page, click Add.
The CloudCheckr – Quick start screen opens.
- Select Assign a user for testing (required).
The users and Groups blade opens.
- Click Add user.
The Add Assignment blade opens.
- Select Users. A list of users displays.
- Select a user from the list and click Select.
- In the Add Assignment blade, click Assign.
- Close any open blades and return to the CloudCheckr – Quick start screen.
- Select Create your test user in CloudCheckr (required).
The Provisioning blade opens.
- Verify that the provisioning mode is set to Manual.
- Click Save and close the blade to return to the CloudCheckr – Quick start screen.
- Click Configure single sign-on (required).
- Perform the following actions:
- From the Single Sign-on Mode drop-down menu, select SAML-based Sign-on.
- In the Identifier text field, type https://app.cloudcheckr.com/AzureAD/AzureSSO_SignIn
- In the Reply URL text field, type https://app.cloudcheckr.com/LogOn/LogOnAzureSSO
- Select the Show advanced URL settings check box.
- In the Sign-on URL text field, type https://app.cloudcheckr.com/AzureAD/AzureSSO_SignIn
- Click Save.
- Once the Enterprise application setup is complete, users can log into https://myapps.microsoft.com and select CloudCheckr from the list of applications.
- Delete the existing user in CloudCheckr. Make note of the user’s configuration and permissions for later use. (Admin user must perform this step.)
- Access CloudCheckr via SSO using the CloudCheckr application on https://myapps.microsoft.com to recreate the CloudCheckr user account.
- Return to CloudCheckr to configure or modify the user’s access in more detail. (Admin user must perform this step.)
The Microsoft Azure Dashboard opens.
The Enterprise applications blade opens.
README: First Time SSO Use for Existing CloudCheckr Users
Azure Single Sign-On will not work with the credentials of an existing CloudCheckr user.
As part of the initial SSO sign-in procedure, Azure Active Directory needs to create a user in CloudCheckr. If you use an existing user from a CloudCheckr account that was not created in SSO, you will get an error message.
Follow these steps before you attempt to sign in:
When these steps are complete, you will no longer be able to access CloudCheckr directly from the CloudCheckr login page and must access CloudCheckr via Azure Active Directory SSO.