ApartmentIQ offers flexible authentication to balance security with ease of access. Use this guide to determine which configuration fits your organization's needs.

1. Determining Your Sign-In Method

How do you want your users to log in to ApartmentIQ?

• Option A: System-Level Sign-In (Manual Password and Username)
  • How it works: Users sign in with a standard email and a password managed directly by ApartmentIQ.
  • Setup: Contact your CSM or email support@apartmentiq.io with a completed user template. Users set their password during their first login. Please see the article Managing ApartmentIQ Users for more information on user roles and permissions.
  • Best for: Organizations without a centralized identity provider (IdP).
     
• Option B: Single Sign-On (SSO)
  • How it works: Users log in via a provider like Google, Microsoft Entra, or Okta.
  • Best for: Enhanced security and simplified login across multiple systems.
     

2. SSO Enforcement

Do you want to force all users to use SSO or keep it optional?

• SSO Optional (Mixed Environment): Users choose between SSO or a manual password. This is useful for teams with external contractors.
• SSO Required (Strict Enforcement): All users must log in via their SSO provider. Administrators can require SSO for specific email domains while exempting others.
   

3. Advanced Provisioning with SSO (SAML & SCIM for Entra or Okta)

Do you want to manage user creation and deletion directly through your IT provider?

This is an added, optional layer for organizations using SSO. SAML and SCIM can help you to create and delete users from your IT provider, rather than in the user management page of ApartmentIQ. 

Please note: If you are interested in configuring SAML & SCIM for your organization, please let your CSM know- we will coordinate a meeting with your team to ensure successful configuration.

If you use Okta or Microsoft Entra, you can automate your workflow:

SAML (Authentication)

Handles the secure "handshake" to log users in. Your IT team must create a SAML 2.0 app in Entra or Okta to begin the setup process. Please use the relevant guide below to get started:

• Detailed Guides: 
  • SAML SSO with Microsoft Entra ID 
  • SAML SSO with Okta 

When done, share your SAML Metadata URL (EXAMPLE: https://<yourorg>.okta.com/...) with your CSM to complete the link. This can be found on the sign in tab within your new app in Okta.

SCIM (Automated Provisioning)

Automatically creates or deactivates accounts in ApartmentIQ when you update your internal directory. Please use the relevant guide below to get started:

• Detailed Guides: 
  • SCIM Provisioning with Microsoft Entra ID 
  • SCIM Provisioning with Okta 
     

4. Permissions & Access (Manual Requirements)

CRITICAL: SAML and SCIM handle access to ApartmentIQ, but they do not assign user roles (Admin, Manager, Editor or Read Only), or access to specific Market Surveys or features. The following must be done manually in the Manage Users section of ApartmentIQ:

• Assign Market Surveys: You must manually assign specific market surveys to new users.
• User Roles: You must select a role (Admin, Manager, Editor, or Read Only), as SCIM cannot currently automate role assignment.
• Premium Tools: To enable Research Pro or Explore Pro seats, you must contact your CSM/Support. (Self-service toggles are coming soon).

Sign-In & Provisioning Checklist

Still have questions? Reach out to your CSM or email support@apartmentiq.io.