GraphOS Single Sign-On

Simplify access management with SAML and OIDC-based SSO

Single sign-on (SSO) is available only for Enterprise plans. This feature is not available as part of a GraphOS trial.

Single sign-on lets your team log into Apollo GraphOS using your organization's identity provider (IdP). This streamlines access management, improves security, and enhances the user experience by reducing the need to manage additional passwords.

As of October 2024, all GraphOS organizations with Enterprise or Dedicated plans can configure SAML and OIDC-based SSO without needing to contact Apollo. Previously, SSO setup required assistance from Apollo Support.

⚠️ caution

If your organization configured SSO before April 2024, you need to migrate to the new SSO configuration before November 15, 2024, to ensure your team doesn't lose access to GraphOS.

Setup instructions

Only GraphOS Org admins can set up SSO. Additionally, you must have administrative access to your identity provider (IdP) to complete setup.

To set up SSO, follow the instructions for your configuration method:

SAML-based

Okta
Microsoft Entra ID (formerly known as Azure Active Directory)
Generic SAML

OIDC-based

Okta
Microsoft Entra ID (formerly known as Azure Active Directory)
Generic OIDC

Contracts

SAML

OIDC

Contracts

SAML

OIDC

AWS Lattice

Subscription Support

Log Exporters

Metrics Exporters

Trace Exporters

Instrumentation

GraphOS Single Sign-On

Setup instructions

SAML-based

OIDC-based