Single Sign On (SSO) using Azure

Follow the steps below to enable Microsoft SSO.

1. Sign in to Cloudchipr.

2. Browse to Settings > Account Security

   1. Select Microsoft in Enable Single Sign On (SSO) section
   2. Select ENABLE
   

3. Keep the pop-up window open, as you will need to proceed with the Microsoft Entrap SSO setup steps. The information from these steps will be required in the upcoming stages.

   

Follow the steps below to enable Microsoft Entra SSO.

1. Sign in to Microsoft Entra admin center

2. Browse to Identity > Applications > Enterprise applications > New application.

3. Select Create your own application

4. In the results panel choose

   1. In the name field, enter Cloudchipr.

   2. Choose Integrate any other application you don't find in the gallery (Non-gallery) ****

   3. Select Create

      

5. Browse the newly created Identity > Applications > Enterprise applications > Cloudchipr

6. Click Single sign-on from the left menu

   1. Select SAML as Select a single sign-on method
   

7. In the Basic SAML Configuration section, please follow the following steps:

   1. In the Identifier (Entity ID) text box, enter the Identifier value copied from Cloudchipr Enable Microsoft SSO setup.
   2. In the Reply URL (Assertion Consumer Service URL) text box, enter the Reply URL from Cloudchipr Enable Microsoft SSO setup.
   3. Select Save
   

   1. On Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.

      

   2. Open the Federation Metadata XML file Copy the content and paste it in Cloudchipr Enable Microsoft SSO setup page.

      

   Add Roles

   1. Sign in to Microsoft Entra admin center
   2. Browse to Identity > Groups
   3. Add New groups (Group type can be Security)
      1. CloudchiprAdmins
      2. CloudchiprBillingAdmins
      3. CloudchiprViewers
   

   1. Browse the newly created Identity > Applications > Enterprise applications > Cloudchipr appication

   2. Click Single sign-on from the left menu

   3. Click Attributes & Claims > Edit

   4. Select Add new claim in Attributes & Claims dialog

      1. In the Name text box, enter the role

      2. Select Claim conditions

      3. Add conditions

         1. For User type Members, Scoped Groups CloudchiprAdmins and Source Attribute set value "admin"
         2. For User type Members, Scoped Groups CloudchiprBillingAdmins and Source Attribute set value "billing_admin"
         3. For User type Members, Scoped Groups CloudchiprBillingExplorerAdmins and Source Attribute set value "billing_explorer_admin"
         4. For User type Members, Scoped Groups CloudchiprViewer and Source Attribute set value "viewer"
         5. For User type Members, Scoped Groups CloudchiprViewerProtector and Source Attribute set value "viewer_protector"
         6. For User type Members, Scoped Groups CloudchiprWorkflowResourcesProtectorViewer and Source Attribute set value "workflow_resources_protector"

      4. Select Save

         

   Add Users

   1. Browse the newly created Identity > Applications > Enterprise applications > Cloudchipr

   2. select Users and groups.

      1. Select Add user/group, then select Users and groups in the Add Assignment dialog.

      2. In the Users and groups dialog, Choose Groups and add all cloudchipr groups

         1. CloudchiprAdmins

         2. CloudchiprBillingAdmins

         3. CloudchiprViewer

            

      3. Select

      4. Set the default value for the Select a role dropdown (for example, User )

      5. In the Add Assignment dialog, click the Assign button.

   3. All users assigned to Cloudchipr groups can access the Cloudchipr app on https://www.office.com/apps based on their respective group roles, or simply by entering their emails at https://app.cloudchipr.com.