Overview
To enable Single Sign-On (SSO) for your organization, you'll need to configure your Identity Provider (IdP) to connect with Aptem's SAML-based authentication. This guide outlines the steps for different IdPs, the configuration requirements, and the workflows involved.
Steps to configure SSO for customers
What you need from Aptem: Aptem provides a provider metadata file containing the details you need for setup. Use the keys in this file to configure your IdP.
What we need from you: A metadata file from your IdP with the required SAML configuration. Aptem uses the information in this file to establish trust and complete the connection.
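Before sending the IdP metadata file to Aptem, it can be sanity-checked locally. The following is an added example, not Aptem's or any IdP vendor's code: it checks standard SAML 2.0 metadata elements (entity ID, signing certificate, HTTPS sign-on endpoints) rather than Aptem-specific requirements, and the function name, host names and certificate value are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def check_idp_metadata(xml_text):
    """Return a list of problems in SAML 2.0 IdP metadata; empty means none found."""
    if "<!DOCTYPE" in xml_text:  # reject DTDs before parsing (entity-expansion risk)
        return ["DOCTYPE present; SAML metadata should not carry a DTD"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    entity = root if root.tag == MD + "EntityDescriptor" else root.find(".//" + MD + "EntityDescriptor")
    if entity is None:
        return ["no EntityDescriptor element"]
    problems = []
    if not entity.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    idp = entity.find(MD + "IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor; this is not IdP metadata"]
    certs = [c.text or "" for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use", "signing") == "signing"  # no "use" attribute means both uses
             for c in kd.iter(DS + "X509Certificate")]
    if not certs:
        problems.append("no signing certificate")
    for cert in certs:
        try:
            der = base64.b64decode("".join(cert.split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
            problems.append("signing certificate is not base64-encoded DER")
    locations = [ep.get("Location", "") for ep in idp.findall(MD + "SingleSignOnService")]
    if not locations:
        problems.append("no SingleSignOnService endpoint")
    problems += ["SingleSignOnService is not HTTPS: " + loc
                 for loc in locations if urlparse(loc).scheme != "https"]
    return problems

# Constructed sample: placeholder host and a dummy certificate value, not a real IdP.
SAMPLE = f"""<EntityDescriptor xmlns="{MD[1:-1]}" entityID="https://idp.example.test/id">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing"><KeyInfo xmlns="{DS[1:-1]}"><X509Data><X509Certificate>MIIBCgAAAAAAAAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/></IDPSSODescriptor></EntityDescriptor>"""
if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE))
```

The check only confirms that the certificate field decodes as DER; it does not validate the certificate's expiry or chain, which still needs to be confirmed in the IdP.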
Configuring Specific Identity Providers
Azure Active Directory (Azure AD)
- Prerequisites: Ensure you have one of the following roles in Azure AD:
  - Global Administrator
  - Cloud Application Administrator
  - Application Administrator
- Steps:
  - Navigate to Azure AD > Enterprise Applications and click New Application.
  - Choose Create your own application and select Integrate any other application you don’t find in the gallery.
  - In the application, go to Single sign-on and select SAML.
  - Download the manifest from Aptem and use its properties to configure SAML attributes in Azure AD.
  - Remove non-unique attributes (e.g., first/last names) from Attributes & Claims.
  - Download the updated Azure AD manifest and upload it to the Aptem tenant.
  - Save and test the connection.
Active Directory Federation Services (ADFS)
Follow Microsoft's official guide: Configuring SAML on ADFS.
Google
Use Google's guide for SAML setup: Google SAML Configuration.
Auth0
Follow Auth0's documentation for setting up SAML: Auth0 SAML Configuration.
Further resources
For administrators:
- Implementing Single Sign On (SSO) - Initial setup and connection
- Enable SAML for users and set up SSO login screen
For users: Single Sign On for users