Single Sign On (SAML)

Note: Starting from May 14, 2023, Aporia's SSO login URL will be updated to <ACCOUNT_NAME>
You can easily give your team access to Aporia using your favorite SAML IdP.
The integration status can be found on the "Integrations" page, accessible through the sidebar.

Setting up the SAML integration

STEP 1: Contact your Aporia account representative to get your {BASE_URL} and {ALIAS} info.
STEP 2: Log in to your IdP and create a SAML app with the following configuration:
  1. Single Sign On URL / Application ACS URL - should be in the following format: {BASE_URL}/keycloak/realms/aporia/broker/{ALIAS}/endpoint
  2. Audience URI (SP Entity ID) - should be in the following format: {BASE_URL}/keycloak/realms/aporia
  3. Name ID format - EmailAddress
  4. Application username - Email
  5. Mapping (required for AWS) - User attribute in the application: Subject; Maps to this string value or user attribute in IAM Identity Center: ${user:email}; Format: emailAddress
STEP 3: Supply the IdP app metadata (file / url) to your Aporia account representative.
You can now test your connection using the IdP-initiated login link.
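
A pre-flight check for steps 2 and 3, as an added example (not Aporia's code): it builds the ACS URL and Entity ID from the formats above and sanity-checks the IdP metadata before you hand it over. The https requirement, the particular checks, the function names, and the sample hostnames and alias are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # fine for your own IdP's file; prefer defusedxml for untrusted XML

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NS = {"md": MD}

def sp_settings(base_url: str, alias: str) -> dict:
    """Build the two SP values from step 2 using the formats given on this page."""
    base = base_url.rstrip("/")
    if not base.startswith("https://"):  # assumption: the SP is only served over TLS
        raise ValueError("BASE_URL should be an https:// URL")
    entity_id = f"{base}/keycloak/realms/aporia"
    return {"acs_url": f"{entity_id}/broker/{alias}/endpoint", "entity_id": entity_id}

def check_idp_metadata(xml_text: str) -> list:
    """Return the problems found in IdP metadata; an empty list means it looks usable."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        return ["not an EntityDescriptor with an IDPSSODescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID")
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    uses = [k.get("use", "signing") for k in idp.findall("md:KeyDescriptor", NS)]
    if "signing" not in uses:
        problems.append("no signing certificate")
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    if any(not loc.startswith("https://") for loc in sso):
        problems.append("SingleSignOnService is not https")
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    if formats and EMAIL_FORMAT not in formats:
        problems.append("emailAddress NameID format not offered")
    return problems

# Constructed sample metadata for a hypothetical IdP; the KeyInfo/certificate body is omitted.
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.com/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"/>
    <NameIDFormat>{EMAIL_FORMAT}</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(sp_settings("https://aporia.example.com", "my-alias"), check_idp_metadata(SAMPLE))
```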