Overview
To enable Single Sign-On (SSO) for your organization, you'll need to configure your Identity Provider (IdP) to connect with Aptem's SAML-based authentication. This guide outlines the steps for different IdPs, the configuration requirements, and the workflows involved.
Steps to configure SSO for customers
What you need from Aptem: Aptem provides a provider metadata file containing the details you need for setup. Use the keys in this file to configure your IdP.
What we need from you: A metadata file from your IdP with the required SAML configuration: Aptem uses the information in this file to establish trust and complete the connection.
Configuring Specific Identity Providers
Azure Active Directory (Azure AD)
-
Prerequisites: Ensure you have one of the following roles in Azure AD:
- Global Administrator
- Cloud Application Administrator
- Application Administrator
-
Steps:
- Navigate to Azure AD > Enterprise Applications and click New Application.
- Choose Create your own application and select Integrate any other application you don’t find in the gallery.
- In the application, go to Single sign-on and select SAML.
- Download the manifest from Aptem and use its properties to configure SAML attributes in Azure AD.
- Remove non-unique attributes (e.g., first/last names) from Attributes & Claims.
- Download the updated Azure AD manifest and upload it to the Aptem tenant.
- Save and test the connection.
ADFS and LDAP identity providers: recognised email attributes
When configuring SSO for ADFS or LDAP-based identity providers, your IdP may send the user's email address using the mail attribute rather than email. Both are now recognised by Aptem.
If your ADFS or LDAP provider sends mail and users were experiencing sign-in failures with the message "username or password not recognised", this is likely the cause. No configuration change is needed in Aptem, the attribute is now supported automatically.
If you are setting up a new ADFS or LDAP configuration, you do not need to map mail to a different attribute before sending it to Aptem.
Active Directory Federation Services (ADFS)
Follow Microsoft's official guide: Configuring SAML on ADFS.
Use Google's guide for SAML setup: Google SAML Configuration.
Auth0
Follow Auth0's documentation for setting up SAML: Auth0 SAML Configuration.
Further resources
For administrators:
- Implementing Single Sign On (SSO) - Initial setup and connection
- Enable SAML for users and set up SSO login screen
For users: Single Sign On for users