GraphOS Single Sign-On

Simplify access management with SAML and OIDC-based SSO

Single sign-on (SSO) is available only for Enterprise plans. This feature is not available as part of a GraphOS trial.

Single sign-on lets your team log into Apollo GraphOS using your organization's identity provider (IdP). This streamlines access management, improves security, and enhances the user experience by reducing the need to manage additional passwords.

As of October 2024, all GraphOS organizations with Enterprise or Dedicated plans can configure SAML and OIDC-based SSO without needing to contact Apollo. Previously, SSO setup required assistance from Apollo Support.

Setup instructions

Only GraphOS Org admins can set up SSO. Additionally, you must have administrative access to your identity provider (IdP) to complete setup.

To set up SSO, follow the instructions for your configuration method:

SAML-based

Okta
Microsoft Entra ID (formerly known as Azure Active Directory)
Generic SAML

OIDC-based

Okta
Microsoft Entra ID (formerly known as Azure Active Directory)
Generic OIDC

Role assignment

Preview

This feature is in invite-only preview. Please get in touch with your Apollo contact if you'd like to request access.

Once you've set up SSO, each user assigned to GraphOS in your IdP has the default GraphOS role configured in your GraphOS SSO settings. You can configure your IdP to assign GraphOS roles based on groups in your IdP. See the Assign GraphOS roles section for your configuration method for instructions.

SAML-based

Okta
Microsoft Entra ID (formerly known as Azure Active Directory)
Generic SAML

OIDC-based

Okta
Microsoft Entra ID (formerly known as Azure Active Directory)
Generic OIDC

Contracts

SAML

OIDC

Contracts

SAML

OIDC

AWS Lattice

Subscription Support

Log Exporters

Metrics Exporters

Trace Exporters

Instrumentation

GraphOS Single Sign-On

Setup instructions

SAML-based

OIDC-based

Role assignment

SAML-based

OIDC-based