To manage the members of your team through a third-party identity provider like Okta or Auth0, you can set up the Security Assertion Markup Language (SAML) feature from the team settings.

To enable this feature, the team must be on the Enterprise plan and you must hold an owner role.

All team members will be able to log in using your identity provider (which you can also enforce), and similar to the team email domain feature, any new users signing up with SAML will automatically be added to your team.

Configuring SAML SSO

SAML can be configured from the team settings, under the SAML Single Sign-On section. Clicking Configure will open a walkthrough that helps you configure SAML SSO for your team with your identity provider of choice.

After completing the steps, SAML will be successfully configured for your team.

Authenticating with SAML SSO

Once you have configured SAML, your team members can use SAML SSO to log in or sign up to Aporia. Click “SSO” on the authentication page, then enter your work email address.

Enforcing SAML

For additional security, SAML SSO can be enforced for a team so that all team members cannot access any team information unless their current session was authenticated with SAML SSO.

You can only enforce SAML SSO for a team if your current session was authenticated with SAML SSO. This ensures that your configuration is working properly before tightening access to your team information, this prevents lose of access to the team.

Self HostingMulti-factor Authentication (MFA)