Require Single Sign On

When Single Sign On (SSO) Enforcement is enabled, your users will only be able to access your Organization's resources by using your configured SAML provider to authenticate with Aptible. You can then enforce any restrictions allowed by your SSO provider on logins, such as password rotation or use of specific second factors.

SSO Enforcement will prevent users from doing the following:

  • Users can NOT login using the Aptible credentials and still access the Organization's resources.

  • Users can NOT use their SSH key to access the git remote.

Account owners are always exempted from SSO enforcement. This is allow for emergency access to your Aptible resources in case your SSO provider is mis-configured or suffering downtime. Additional users can be exempted using the allowlist.

Users will need to be added to the allowlist to access your Organization's resources via git. Otherwise, attempts to use the git remote, will return an error that the App is not accessible.

To use the Aptible CLI with SSO enforced users will have to login to the Dashboard and generate an SSO token on the CLI Token for SSO settings page. The token can be provided to the CLI via aptible login --sso $SSO_TOKEN.



Before enforcing SSO, we recommend notifying all the users in your Organization. SSO will be the only way to access your Organization at that point.