ApartmentIQ supports Single Sign-On (SSO) using the SAML 2.0 XML-based open standard. This integration allows your organization to centralize access management, enabling users to sign in to ApartmentIQ securely using their existing Okta credentials.

Before beginning the configuration, it is recommended to review all supported sign-in methods to confirm that Okta SSO is the best fit for your organization's needs. 

Article: Sign-In Options for ApartmentIQ 

This guide provides a comprehensive, step-by-step walkthrough to help Okta administrators:

• Create a new SAML application within the Okta Admin Console.
• Configure essential SAML settings, including ACS URLs and Entity IDs.
• Map user attributes to ensure seamless profile synchronization.
• Finalize setup by sharing metadata with your ApartmentIQ Customer Success Manager.
   

Create a New SAML Application

1. Log in to your Okta Admin Console
2. In the left navigation, go to Applications
3. Click Applications
4. Click the Create App Integration button

Choose the App Integration Type

1. In the Create a new app integration modal:
   • Select SAML 2.0
   • Click Next

General Settings

1. Enter the following:
   • App name: ApartmentIQ
   • Logo here: Logo
      
2. Click Next
   
   

   

Configure SAML Settings

SAML Settings

Enter the following values:

• Single sign on URL (ACS URL):
   https://identity.apartmentiq.io/users/auth/saml/callback
• Audience URI (SP Entity ID):
   https://identity.apartmentiq.io
• Name ID format:
   EmailAddress
• Application username:
   Email
   

Attribute Statements

Add the following Attribute Statements exactly as shown:

⚠️ Important: Do not include a namespace. Attribute names are case-sensitive


 

(Optional) Remove Unused Claims

If Okta auto-generates additional claims, they can be left as-is. ApartmentIQ only uses the attributes listed above.

Finish Application Setup

1. Click Next
2. Select I’m an Okta customer adding an internal app
3. Click Finish
    

Assign Users and Groups

1. From the ApartmentIQ app page, go to the Assignments tab
2. Assign:
   • Individual users 
   • Groups (not available currently)
     
     

     

ApartmentIQ Setup

Share Metadata with ApartmentIQ

1. In the ApartmentIQ app, go to the Sign On tab
2. In the SAML Signing Certificates section:
   
   • Copy the Metadata URL
      (or download the XML file if preferred)
     
     

     

Example data- please note your Metadata URL will be unique

3. Send the following to your ApartmentIQ Customer Success Manager (CSM):
   
   
   • Metadata URL
   • List of initial Admin users
   • (Optional) Full user list with roles/permissions
     1. Need a user template? Please make a copy of this document, complete, and share with your CSM

Test the Configuration

Once your CSM confirms setup is complete:

1. In Okta, return to the Sign On tab
2. Click Test SAML Configuration
3. Confirm the login completes successfully

Normal Usage

Navigate to:

 https://app.apartmentiq.io

1. Enter your email address
2. You will be redirected to Okta to authenticate
3. Upon success, you’ll be logged into ApartmentIQ

Receiving an Error? Check for Common Issues:

• Email in Okta must match the ApartmentIQ user email
• Users must be assigned to the Okta app
• Attribute names must match exactly (email, first_name, last_name)
• Certificate must be active (not expired)