Single Sign On (SAML)

Note: Starting from May 14, 2023, Aporia's SSO login url will be updated to https://platform.aporia.com?kc_idp_hint=<ACCOUNT_NAME>

You can easily give access to Aporia to your team using your favorite SAML Idp.

The integration status can be found on the "Integrations" page, accessible through the sidebar:

Setting up the SAML integration

STEP 1: Contact your Aporia account representative to get your {BASE URL} and {ALIAS} info.

STEP 2: Login to your IdP and create a SAML app with the following configuration:

  1. Single Sign On URL / Application ACS URL - should be in the following format {BASE_URL}/keycloak/realms/aporia/broker/{ALIAS}/endpoint

  2. Audience URI (SP Entity ID) - should be in the following format {BASE_URL}/keycloak/realms/aporia

  3. Name ID format - EmailAddress

  4. Application username - Email

  5. Mapping (required for AWS) - User attribute in the application: Subject Maps to this string value or user attribute in IAM Identity Center: ${user:email} Format: emailAddress

STEP 3: Supply the IdP app metadata (file / url) to your Aporia account representative.

Yay! 🎉 You can now go and test your connection using the Idp-initiated login link.

Last updated