Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular log in page. They will only be able to access the app through the Okta service.
Apperio does not provide backup log in URL where users can sign in using their normal username and password. You can contact Apperio Support (support@apperio.com) to turn off SAML, if necessary.
The Okta/Apperio SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
In Okta open Sign On tab for the Apperio app.
[OPTIONAL SLO]: If you are going to enable SP-initiated Single-Logout functionality, do the following:
Download the Apperio certificate using this link: https://app.apperio.com/sso/saml/certificate/
Enable Single Logout: Check this box.
Signature Certificate: Click Browse to locate and upload the Apperio certificate you just downloaded.
Application username format: Select Email.
Click Save:
Contact the Apperio Support team at support@apperio.com and request that they enable SAML 2.0 for your tenant.
Include the following information with your request:
IDP Metadata URL: Copy and paste the following:
Sign into the Okta Admin dashboard to generate this value.
Your email domain.
The Apperio Support team will process your request. After receiving a confirmation email, you can start assigning people to the application.
Done!
The following SAML attributes are supported:
| Name | Value |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.lastName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
Enter your Email address, then click Next:
