CloudCheckr Single Sign-On


CloudCheckr comes with native support for username/password-based authentication for all pricing plans/tiers. By upgrading to the Enterprise plan, your organization will gain Single-Sign On (SSO) integration for one of the following SAML 2.0 compliant providers: PingOne, OneLogin, or Okta. This allows you to meet the security requirements of your organization by utilizing the various authentication options made available.

Furthermore combining authentication methods is supported. This provides the ability to allow some users to login via SSO and others to use the native username/password-based authentication.

Please be aware that the ability to use another SSO Provider may require additional customizations of CloudCheckr. Please contact sales ( for inquiries regarding support for SAML 2.0 compliant SSO Providers not listed.


In order to enable Single Sign On, please contact a Support Engineer by submitting a ticket via the CloudCheckr Service Desk Portal. A Support Engineer will start you out and guide you through the setup process. During this easy process, you will work with our Support Engineer to:

  • Generate IdP metadata.
  • Choose a default Role for any new users created by SSO.
  • Validate that the authentication process is working smoothly with your environment.

Please note: CloudCheckr’s authentication is IdP-intiated, rather than SP-initiated. CloudCheckr will provision your users upon first-time logon, but it will still be your responsibility to enable specific permissions and account access for your CloudCheckr users. You can get more info on the user management process at the User Management and User Groups pages.

See the following guides for configuring SSO in CloudCheckr using one of the natively supported SAML 2.0 compliant SSO providers.

Leave a Reply