SSO Activation in Aptakube

Aptakube uses OIDC (OpenID Connect) to integrate with your Identity Provider (IdP) and allow users to authenticate using their corporate credentials instead of license keys. This provides a seamless and secure way to manage user access to Aptakube.

To use SSO with Aptakube, you need to configure your Identity Provider to trust Aptakube as a client application. This involves creating an OAuth2 Client in your IdP and configuring the necessary redirect URIs.

1. Create OAuth2 Client in your Identity Provider

This step varies depending on your Identity Provider. Here are setup guides for popular IdPs: Okta, Auth0, Microsoft Entra ID (Azure AD), Google Workspace and Keycloak.

The following settings are commonly required:

• Application Type: Choose Desktop Application or Native Application if available.
• Client Name: A name for your client application (e.g., "Aptakube").
• Scopes: Both openid and email are required.
• Redirect URIs: Use aptakube://sso (preferred) or https://aptakube.com/sso
  • This is NOT required for Google Workspace.

2. Link your new Client to your existing License

For now, this step requires manual intervention. Please provide the information below to support@aptakube.com:

• Organization Domain: This is your corporate email domain (e.g., @yourcompany.com).
• Well-known URL: OIDC well-known URL, which looks like this https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.
  • If you don't have one, send the Authorization Endpoint or Token Endpoint.
• Client ID: The unique identifier for your client application.
• Redirect URI or Client Secret:
  • if your provider is Google Workspace, send us the Client Secret
  • Otherwise, send us the Redirect URI you configured.

3. Use Aptakube 1.13.6+

Aptakube 1.13.6 is the first version to fully support SSO for license activation. Please ensure you are using this version or later.