Skip to content

Table of Contents

Configuring the Login page

When users navigate to your Apporto instance, they will see the Apporto Login page. Multiple authentication methods are available, and you can configure them from site settings.

Use the information in this guide to learn how to:

Customize the Login page

The table below shows the values that make up the Login page.

Field Datatype Required? Notes
Login page title String Yes Short message to display above the username/password prompt.
Background image Image file No If no image is added, a default image will display.

Accepted formats include JPEG and PNG. A ratio of 8:8 is recommended (e.g., 800 x 800 pixels). Otherwise, your image will automatically be cropped or resized.

Subtitle String No Short title to show under the username/password prompt.
Description String No Text that can be displayed below the subtitle
Link text String No Used with the link URL to provide a text link
Link URL Hyperlink No Optional link to show under the description.

Additional features in this section:

Follow the steps below to customize the Login page.

  1. Click setup or the settings icon icon in the navigation panel to view the Setup screen.
  2. Click on the Login page tab in the lower part of the page.
    login page tab in setup
  3. Enter your desired values.
  4. If you wish to add your own background image
    1. Click upload image to trigger the file manager.
    2. Select a file from your local storage. The ideal image has an aspect ratio of 8:8 (e.g., 800 x 800 pixels) and is a PNG or JPEG file.
    3. The system will display a preview of your image and prompt you to save the change.
      login page image uploaded
    4. If you are not satisfied with the preview, click remove image to remove the current file and then click upload image again to import a new image. 
  5. Click save changes to update the Login page with your new settings.

Enable two-factor authentication (2FA)

Two-factor authentication (2FA)–also known as multi-factor authentication (MFA)–is a login method that requires users to provide a combination of security measures. Checking the “enable two-factor authentication” setting for the Login page will require users to use an authenticator app to generate login credentials. See the MFA section of the article on accessing Apporto for more information.

Enable single sign-on (SSO) integration

Single sign-on (SSO) authentication is the most commonly used method for Apporto users. For information on how to log in to the system with SSO, see the article on accessing Apporto.

To access SSO settings, click on the “SSO domains” tab in the lower part of the Setup page.

single sign on domain list

Create an SSO domain

The table below shows the values that make up an SSO domain record.

Field Datatype Required? Notes
User auth method Lookup value Yes
  • Authenticate only
  • Authenticate and create
Domain name String Yes This is a descriptive name for easy reference.
Email domain String Yes Include everything after the @ symbol.
Include subdomains Boolean No
SSO login URL String Yes SAML2 SSO login URL as provided by your Identity Provider (IdP)
SSO logout URL String No If SSO logout is desired, you can provide the SAML2 SSO logout URL as provided by your Identity Provider (IdP).
Service provider entity ID String Read-only This value is auto-generated by the system. You will need to provide the SP entity ID to your Identity Provider (IdP) when setting up the SSO integration.

The format will be https://yourorganization.apporto.com/passport-saml.

Service provider (SP) URL String Read-only This value is auto-generated by the system after the configuration is saved. You will need to provide this to your Identity Provider (IdP) as the reply URL (Assertion Consumer Service URL).
Unique user identifier attribute String Yes The full SAML2 assertion attribute name of the attribute that defines the user’s unique user identifier
User first name attribute String Yes The full SAML2 assertion attribute name of the attribute that defines the user’s first name
User last name attribute String Yes The full SAML2 assertion attribute name of the attribute that defines the user’s last name
User email attribute String No The full SAML2 assertion attribute name of the attribute that defines the user’s email address
SSO active Boolean No This value will be set to TRUE (ON) by default. You may switch it off, if you want to configure the SSO connection without it immediately being in use.

note icon SAML2 Assertions must be signed. The Identity Provider’s (IdP) signing certificate(s) must be added to the SSO configuration for the SSO integration to work.

Follow the steps below to add a domain for SSO authentication.

  1. Click the create new SSO domain button to trigger the Create SSO domain form. The form has three main sections:
    1. SSO domain profile – SSO instance location information and mapping values
      1. Information about the location of your SSO instance
        create an SSO domain
      2. Mapping values to interface Apporto with your SSO instance. The service provider entity ID and URL will be provided for you and can easily be copied to provide to your Identity Provider (IdP).
        creating SSO service provider information
    2. Certificates – signing certificates used by the SSO Identity Provider (IdP) server to sign assertions
      adding an SSO certificate
    3. Groups – assignment of the SSO domain to one or more user groups
      linking a group to an SSO domain
  2. Start the setup process by copying the service provider entity ID and URL to provide to your SAML2 Identity Provider (IdP) administrator. In return, the IdP administrator should provide the SSO login URL, SSO logout URL (optional), and the attribute names to use for the attribute mapping fields. Enter these values exactly as given by the IdP administrator. Ensure the desired user auth method is selected for your use case. Enter a domain name in the email domain field that will be used to trigger the SSO login flow for users attempting to login directly to the portal. Complete this section by ensuring the domain name contains a unique descriptive name to describe this SSO integration.
  3. From the “Certificates” tab, click the add certificate button to trigger the pop-up.

    1. Upload a certificate file and click add to apply it to the domain.
      note icon Each certificate file must be in the PEM format with a .pem file extension.
    2. Repeat as needed for multiple certificates.
  4. Click on the “Groups” tab and click add group to select one or more groups that will use the SSO domain for authentication.
    searching for a group to link to an SSO domain
  5. Click save to finish creating the SSO domain.

Update an SSO domain

For an existing SSO domain record, you may update any values in the domain profile or mapping values sections by editing the contents. You may also add new certificates and link additional user groups. Commit all changes by clicking save. See the section above for more information.

Additional features in this section:

View certificate details

To view the details of an existing SSO domain certificate, follow the steps below:

  1. From the “certificates” tab, click view for the certificate you want to examine. The View certificate pop-up screen will display.
    view an SSO certificate
  2. The certificate details include:
    1. Subject information (only fields set on the certificate will be displayed)
      1. Country
      2. State/province
      3. Locality/city
      4. Identity management provider organization name
      5. Organizational unit name
      6. Common name
      7. Email address
    2. Issuer information (only fields set on the certificate will be displayed)

      1. Country
      2. State/province
      3. Locality/city
      4. Identity management provider organization name
      5. Organizational unit name
      6. Common name
      7. Email address
    3. Validity
      1. Start date/time
      2. Expiration date/time
      3. Current status
  3. Click on the close button or anywhere outside the pop-up window to return to the Update SSO domain screen.

Remove a certificate

To remove an invalid certificate, follow the steps below:

  1. From the “certificates” tab, click remove for the certificate you want to remove.
  2. The certificate will no longer be visible in the list, and the system will prompt you to save changes.
  3. To commit the change, click save. To abort the change, refresh the screen without saving and the certificate will be visible in the list once again.

To detach a group from the SSO domain, follow the steps below:

  1. From the “groups” tab, click unlink for the group you want to remove.
  2. The group will no longer be visible in the list, and the system will prompt you to save changes.
  3. To commit the change, click save. To abort the change, refresh the screen without saving and the group will be visible in the list once again.