Work in Progress
Aptakube SSO is currently in development and not yet available for production use. We are actively working on this feature and will provide updates as we progress. Stay tuned for more information!
Aptakube uses OIDC (OpenID Connect) to integrate with your Identity Provider (IdP) and allow users to authenticate using their corporate credentials instead of license keys. This provides a seamless and secure way to manage user access to Aptakube.
To use SSO with Aptakube, you need to configure your Identity Provider to trust Aptakube as a client application. This involves creating an OAuth2 Client in your IdP and configuring the necessary redirect URIs.
1. Create OAuth2 Client in your Identity Provider
This step varies depending on your Identity Provider. Here are setup guides for popular IdPs: Okta, Auth0, Microsoft Entra ID (Azure AD), Google Workspace and Keycloak.
The following settings are commonly required:
- Client Name: A name for your client application (e.g., "Aptakube").
- Redirect URIs: Use aptakube://sso (preferred). If custom schemes are not supported, use https://aptakube.com/sso
- Application Type: Choose Native Application or Desktop Application if available.
- Scopes: The openid and email scopes are required.
Your IdP will provide you with the following information after creating the client:
- Client ID: A unique identifier for your client application.
- Client Secret: This is not required for Aptakube SSO; you won't need it.
2. Link your new Client to your existing License
For now, this step requires manual intervention. Please provide the information below to support@aptakube.com:
- Organization Domain: This is your corporate email domain (e.g., @yourcompany.com).
- Client ID: The unique identifier for your client application.
- Redirect URIs: The redirect URIs you configured in your IdP.
- Well-known URL: The OIDC well-known URL (which looks like this: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration). If you don't have one, just the Authorization Endpoint and Token Endpoint are also fine.
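A pre-flight check for the values collected in steps 1 and 2, added here as an example and not part of Aptakube or its documentation: it inspects an OIDC discovery document for the two endpoints and two scopes this page names, and compares the configured redirect URIs against the two listed in step 1. The preflight function, the sample document and idp.example.com are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Values taken from this page.
ALLOWED_REDIRECTS = {"aptakube://sso", "https://aptakube.com/sso"}
REQUIRED_SCOPES = {"openid", "email"}
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint")

# Constructed sample discovery document (idp.example.com is a placeholder).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "scopes_supported": ["openid", "profile", "email"]
}
""")


def preflight(discovery, redirect_uris):
    """Return (errors, warnings) for a discovery document and client config."""
    errors, warnings = [], []
    for name in REQUIRED_ENDPOINTS:
        url = discovery.get(name)
        if not isinstance(url, str) or not url:
            errors.append(f"{name} is missing")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            errors.append(f"{name} is not an https URL: {url}")

    # scopes_supported is optional in discovery metadata, so absence is a warning.
    scopes = discovery.get("scopes_supported")
    if scopes is None:
        warnings.append("scopes_supported not advertised; confirm openid and email in the IdP console")
    else:
        for scope in sorted(REQUIRED_SCOPES - set(scopes)):
            errors.append(f"scope not offered by IdP: {scope}")

    if not redirect_uris:
        errors.append("no redirect URI configured")
    for uri in redirect_uris:
        # Exact match only, so a trailing slash or a wildcard entry is flagged.
        if uri not in ALLOWED_REDIRECTS:
            errors.append(f"unexpected redirect URI: {uri}")
    return errors, warnings


if __name__ == "__main__":
    print(preflight(SAMPLE_DISCOVERY, ["aptakube://sso"]))
```

To check a real IdP, save its well-known document to a file and pass the parsed JSON in place of the sample.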
3. Use Aptakube 1.13.5+
Aptakube 1.13.5 is the first version to support SSO. But as mentioned above, SSO is still in development and not yet fully functional. At this point, you can use Aptakube to validate your setup, but it won't actually activate your license.
If all goes well, you should see a small popup saying Welcome <email>! after signing in. This confirms the SSO flow is working correctly; in future versions, it will also activate your license.