Single Sign On (SAML)

You can easily give access to Aporia to your team using your favorite SAML Idp.

The integration status can be found on the "Integrations" page, accessible through the sidebar:

Setting up the SAML integration

STEP 1: Contact your Aporia account representative to get your {BASE URL} and {ALIAS} info.

STEP 2: Login to your IdP and create a SAML app with the following configuration:

1. Single Sign On URL / Application ACS URL - should be in the following format {BASE_URL}/keycloak/realms/aporia/broker/{ALIAS}/endpoint

2. Audience URI (SP Entity ID) - should be in the following format {BASE_URL}/keycloak/realms/aporia

3. Name ID format - EmailAddress

4. Application username - Email

5. Mapping (required for AWS) - User attribute in the application: Subject Maps to this string value or user attribute in IAM Identity Center: ${user:email} Format: emailAddress

STEP 3: Supply the IdP app metadata (file / url) to your Aporia account representative.