Aptakube

SSO Activation in Aptakube

Activate Aptakube using SSO Integration instead of License Keys

Beta
Aptakube SSO is currently in Beta. We are actively working on this feature and will provide updates as we progress. Stay tuned for more information!

Aptakube uses OIDC (OpenID Connect) to integrate with your Identity Provider (IdP) and allow users to authenticate using their corporate credentials instead of license keys. This provides a seamless and secure way to manage user access to Aptakube.

To use SSO with Aptakube, you need to configure your Identity Provider to trust Aptakube as a client application. This involves creating an OAuth2 Client in your IdP and configuring the necessary redirect URIs.

1. Create OAuth2 Client in your Identity Provider

This step varies depending on your Identity Provider. Here are setup guides for popular IdPs: Okta, Auth0, Microsoft Entra ID (Azure AD), Google Workspace and Keycloak.

The following settings are commonly required:

  • Client Name: A name for your client application (e.g., "Aptakube").
  • Redirect URIs: Use aptakube://sso (preferred). If custom schemes are not supported, use https://aptakube.com/sso
  • Application Type: Choose Native Application or Desktop Application if available.
  • Scopes: Request the openidand email are required.

Your IdP will provide you with the following information after creating the client:

  • Client ID: A unique identifier for your client application.
  • Client Secret: This is not required for Aptakube SSO, you won't need it.

For now, this step requires manual intervention. Please provide the information below to support@aptakube.com:

  • Organization Domain: This is your corporate email domain (e.g., @yourcompany.com).
  • Client ID: The unique identifier for your client application.
  • Redirect URIs: The redirect URIs you configured in your IdP.
  • Well-known URL: OIDC well-known URL (which looks like this https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration). If you don't have one, just the Authorization Endpoint and Token Endpoint are also fine.

3. Use Aptakube 1.13.6+

Aptakube 1.13.6 is the first version to fully support SSO for license activation. Please ensure you are using this version or later.