Single Sign-On (SSO) is available for all Team Licenses with 20+ seats.
Aptakube uses OIDC (OpenID Connect) to integrate with your Identity Provider (IdP) and allow users to authenticate using their corporate credentials instead of license keys. This provides a seamless and secure way to manage user access to Aptakube.
To use SSO with Aptakube, you need to configure your Identity Provider to trust Aptakube as a client application. This involves creating an OAuth2 Client in your IdP and configuring the necessary redirect URIs.
1. Create OAuth2 Client in your Identity Provider
This step varies depending on your Identity Provider. Here are setup guides for popular IdPs: Okta, Auth0, Microsoft Entra ID (Azure AD), Google Workspace and Keycloak.
The following settings are commonly required:
- Application Type: Choose
Desktop ApplicationorNative Applicationif available. - Client Name: A name for your client application (e.g., "Aptakube").
- Scopes: Both
openidandemailare required. - Redirect URIs: Use
aptakube://sso(preferred) orhttps://aptakube.com/sso- This is NOT required for Google Workspace.
2. Link your new Client to your Aptakube License
Once you have created the client, gather the following information:
- Organization Domain: This is your corporate email domain (e.g.,
@yourcompany.com). - Well-known URL: OIDC well-known URL, which looks like this https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.
- If you don't have one, send the
Authorization EndpointorToken Endpoint.
- If you don't have one, send the
- Client ID: The unique identifier for your client application.
- Redirect URI or Client Secret:
- if your provider is Google Workspace, send us the Client Secret
- Otherwise, send us the Redirect URI you configured.
We will soon add a self-service option to the License Manager, but for now, please email the information above to support@aptakube.com.