Docs
Launch GraphOS Studio

Setting up Apollo SSO with a SAML-based IdP


Single sign-on (SSO) is available only for Dedicated and Enterprise plans. This feature is not available as part of an Enterprise trial.

This guide walks through configuring a generic SAML-based id provider (IdP) for use with Apollo single sign-on (SSO). These steps require administrative access to your IdP.

NOTE

If you use Okta or Azure Active Directory as your id provider, instead see the corresponding guide for your tool:

  1. Create a new application in your SSO environment. While doing so, set the following values:

    • App Name: Apollo GraphOS
    • App logo: Apollo logo (optional)
  2. If possible, upload the appropriate Apollo SAML metadata for your organization:

  3. Set your Single Sign on URL or ACS URL to the following:

    https://sso.connect.pingidentity.com/sso/sp/ACS.saml2

    You can also use this value for the following :

    • Recipient
    • ACS (Consumer) URL Validator
    • ACS (Consumer) URL
  4. Set your Entity ID according to the following:

    • If your organization does not already use PingConnect as an ID, use PingConnect.
    • If your organization does already use PingConnect, use the following value: fd76e619-6c0a-461c-912d-418278929d60
  5. Set your RelayState to the following value:

    https://pingone.com/1.0/fd76e619-6c0a-461c-912d-418278929d60

  6. Set the following user attributes:

    • sub: user.email
      • The sub attribute should uniquely identify any particular user to . In most cases, user.email provides this unique mapping.
    • email: user.email
    • given_name: user.firstName
    • family_name: user.lastName
  7. Assign users to the application.

    • Reach out to your SSO or Id & Access Management team for help assigning the relevant groups and users to Apollo GraphOS.
  8. Send your Apollo contact your id provider (IdP) SAML XML metadata file.

    If you can't send this file, send one of the following instead:

    • IdP ID
    • IdP single sign-on URL / SSO URL
    • IdP x509 certificate
  9. Your Apollo contact will complete your SSO setup.

Previous
Azure AD
Edit on GitHubEditForumsDiscord

© 2024 Apollo Graph Inc.

Privacy Policy

Company