# Single Sign On (SAML)

{% hint style="info" %}
**Note:** Starting from May 14, 2023, Aporia's SSO login url will be updated to \
[`https://platform.aporia.com?kc_idp_hint=`**`<ACCOUNT_NAME>`**](https://platform.aporia.com/?kc_idp_hint=%3CACCOUNT_NAME%3E)
{% endhint %}

You can easily give access to Aporia to your team using your favorite SAML Idp.

The integration status can be found on the "Integrations" page, accessible through the sidebar:

![All Integrations](https://691195388-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMGlr0qI6TBrhv4rIjaKP%2Fuploads%2Fkxnb8Lp1LyWrQ4NVythp%2Fall_integrations.png?alt=media)

### Setting up the SAML integration

**STEP 1:** Contact your Aporia account representative to get your `{BASE URL}` and `{ALIAS}` info.

**STEP 2:** Login to your IdP and create a SAML app with the following configuration:

1. **Single Sign On URL / Application ACS URL** **-** should be in the following format `{BASE_URL}/keycloak/realms/aporia/broker/{ALIAS}/endpoint`
2. **Audience URI (SP Entity ID) -** should be in the following format `{BASE_URL}/keycloak/realms/aporia`
3. **Name ID format -** EmailAddress
4. **Application username -** Email
5. **Mapping (required for AWS) -** \
   User attribute in the application: Subject\
   Maps to this string value or user attribute in IAM Identity Center: ${user:email}\
   Format: emailAddress

**STEP 3:** Supply the IdP app metadata (file / url) to your Aporia account representative.

**Yay!** :tada: **You can now go and test your connection using the Idp-initiated login link.**