Directory Sync helps teams manage their organization membership from a third-party identity provider like Google Directory or Okta. Like SAML, Directory Sync is only available for Enterprise Teams and can only be configured by Team Owners.

When Directory Sync is configured, changes to your Directory Provider will automatically be synced with your team members. The previously existing permissions/roles will be overwritten by Directory Sync, including current user performing the sync.

All team members will receive an email detailing the change. For example, if a new user is added to your Okta directory, that user will automatically be invited to join your Aporia Team. If a user is removed, they will automatically be removed from the Aporia Team.

You can configure a mapping between your Directory Provider’s groups and a Aporia Team role. For example, your ML Engineers group on Okta can be configured with the member role on Aporia, and your Admin group can use the owner role.

Configuring Directory Sync

To configure directory sync for your team:

  1. Ensure your team is selected in the scope selector
  2. From your team’s dashboard, select the Settings tab, and then Security & Privacy
  3. Under SAML Single Sign-On, select the Configure button. This opens a dialog to guide you through configuring Directory Sync for your Team with your Directory Provider.
  4. Once you have completed the configuration walkthrough, configure how Directory Groups should map to Aporia Team roles.
  5. Finally, an overview of all synced members is shown. Click Confirm and Sync to complete the syncing.
  6. Once confirmed, Directory Sync will be successfully configured for your Aporia Team.

Supported providers

Aporia supports the following third-party SAML providers:

  • Okta
  • Google
  • Azure
  • SAML
  • OneLogin
Multi-factor Authentication (MFA)August 20th 2024