Single sign-on (SSO) is an authentication method that allows you and your team to securely log into multiple apps and sites with just one set of credentials. If your team uses SSO authentication, you can configure the settings to set up SSO for your Apollo account.
Please note, only users with Okta and Apollo admin access can set up the SSO integration. If you are not an admin for either account, please share this article with a team member who has the necessary permissions to follow the steps below.
The Okta/Apollo.io SAML integration currently supports the following features:
- SP-initiated SSO
- IdP-initiated SSO
For more information on the listed features, visit the Okta Glossary.
Please note, Apollo currently only supports SAML integrations via Okta. If you use another identity provider to manage SSO authentication, stay tuned for further updates as we continue to improve our SSO integration.
Refer to the sections below for the steps to configure your SSO settings, assign users to Apollo in Okta, and then log into Apollo via SSO.
Configure the Single Sign-on Settings
Please note, when you configure SSO, you and your team can only log into Apollo via SSO. If you try to log in via another method, Apollo redirects you to the SSO sign-in modal.
Launch Apollo, click Settings, and then click Integrations.
Scroll to Single Sign-On and click Connect.
Select Okta in the Identity provider name drop-down.
Copy the Apollo entity ID and Single Sign-on URL.
Keep this tab open and launch Okta in another tab. Click Applications, and then click Browse App Catalog.
Search for Apollo.io and click on it.
Then, click Add Integration.
Customize the name if you want to and then click Done.
Next, click the Sign On tab in the Apollo.io SAML app.
Scroll down to Advanced Sign-on Settings and paste the "Apollo entity ID" that you copied in Apollo earlier into the SP Entity ID field.
Scroll to Credentials Details and click the Application username format drop-down. Then, select Email and click Save.
Scroll to Metadata details and copy the text in the Sign on URL and Issuer fields.
Then, click Download to download and copy the Signing Certificate text.
Switch back to Apollo and paste the Sign on URL you copied in Okta into the Identity provider single sign-on URL field in Apollo.
Next, paste the Issuer text you copied in Okta into the Identity provider entity ID field in Apollo.
Then, paste the text from the Signing Certificate you downloaded and copied in Okta into the Identity provider certificate field in Apollo.
Click Save & Enforce SSO.
You have now configured your SSO settings in Apollo. Follow the steps below to finalize the process in Okta.
Assign Users in Okta
Launch Okta and navigate to the Apollo app integration on the Applications page. Then, click the Assignments tab.
Click the Assign drop-down and then click Assign to People or Assign to Groups.
Click Assign on the right of the person or group you want to add.
Click Save and Go Back.
Repeat the process for every user or group you want to assign to the integration.
When you have finished, click Done.
Don't see a user that you want to assign to Apollo? Follow the instructions in the Add Users Manually article in the Okta Knowledge Base. Then, refresh the page and follow the instructions above to assign the new user to the Apollo integration.
Okta displays every user that you have assigned to Apollo from the Assignments tab.
Want to set up SCIM user provisioning to streamline user management between your Okta and Apollo accounts? Hop into the Configure SCIM User Provisioning article for the steps to take.
Log into Apollo with SSO
Launch the the Apollo login page and click Log in with your organization.
Enter your email address, and then click Log In.
If you are already logged into Okta, Apollo redirects you to the homepage of your Apollo account.
If you are not logged into Okta, Apollo redirects you to the Okta sign-in page. Enter your credentials and click Sign in or click Sign in with Google.
Okta redirects you to the homepage of your Apollo account.
You have now logged into Apollo via SSO.