ApartmentIQ supports two methods for user authentication:

1. Single Sign-On (SSO) using your organization’s identity provider
    
2. System-Level Sign-In using a username and password managed directly in ApartmentIQ

This guide explains:

• What Single Sign-On (SSO) is
   
• How to configure SSO using either OAuth/OpenID (Google or Microsoft) or SAML (Okta or Microsoft Entra)- SCIM available 
   
• Common SSO FAQs
   
• How to configure system-level sign-in
   

What is Single Sign-On (SSO)?

Single Sign-On (SSO) allows your organization to manage user access across multiple systems using a centralized identity provider. This simplifies login and enhances security.

There are two main authentication protocols ApartmentIQ supports:

• OAuth/OpenID Connect: Used with Google and Microsoft accounts
   
• SAML 2.0 (Security Assertion Markup Language): Used with Okta and optionally Microsoft Entra
  
   

Option 1: OAuth/OpenID SSO (Google or Microsoft Entra)

ApartmentIQ supports OAuth-based login via Google and Microsoft Entra (formerly Azure Active Directory).

Setup Steps

1. Add Users to ApartmentIQ
    
   Before SSO can be used, all users must be added to the ApartmentIQ system. Contact your Customer Success Manager (CSM) for a user template. For details on user management, visit our Managing Users article.
    
2. Log In via Google or Microsoft
   
   
   • Go to app.apartmentiq.io
      
   • Click the Google or Microsoft login button
      
   • Accept ApartmentIQ's terms and conditions (each user must do this once)
      
   • You're in!
      

 Note on Microsoft Entra

• Microsoft Azure Active Directory has been renamed to Microsoft Entra (More Info).
   
• If your organization uses User Principal Names (UPNs), ensure ApartmentIQ accounts are created using email addresses, not UPNs. (Reference here for more information)
  
   

Option 2: SAML SSO (Okta or Microsoft Entra)

ApartmentIQ supports SAML-based authentication with the following identity providers:

• Okta
   
• Microsoft Entra (if configured to use SAML instead of OAuth)
   

Setup Instructions for IT Teams
 

Step 1: Create a SAML App in Your Identity Provider
 

• Go to your identity provider (e.g., Okta or Microsoft Entra)
   
• Create a new SAML 2.0 app integration
   
• Use the following settings:
  
   

You may also be asked to define Attribute Statements; your CSM can provide additional guidance on this.
 

Step 2: Share Metadata with ApartmentIQ
 

• Locate the SAML Metadata URL from your identity provider
  
  
  • In Okta, this can be found on the Sign On tab of your new app
     
  • The URL will resemble:
     https://<yourorg>.okta.com/app/<identifier>/sso/saml/metadata
     
• Share the Metadata URL with your ApartmentIQ CSM
  
   

Step 3: ApartmentIQ Setup
 

• Your CSM will complete the configuration on the ApartmentIQ side
   
• Once confirmed, users can begin logging in via SAML SSO
  
  
  For detailed setup instructions for SAML SSO for Entra, please see this document.  
   

Logging in with SAML SSO
 

• Navigate to app.apartmentiq.io or access via your identity provider's dashboard
   
• Enter your email address
   
• You’ll be redirected to authenticate via your SAML provider (Okta or Microsoft Entra)
  
  Need help configuring SAML SSO? Reach out to your CSM or contact our Support Team.

SCIM Provisioning for ApartmentIQ With EntraID or Okta (Optional)

While SAML handles authentication, SCIM automates the creation and deactivation of user accounts. This is an optional but recommended step to streamline user management.

Setup Instructions for IT Teams:

1. Request SCIM Access Token: Contact your ApartmentIQ CSM to enable SCIM and obtain an access token and Tenant URL.
    
2. Configure Provisioning: In the same ApartmentIQ application within your Microsoft Entra tenant, select "Automatic" provisioning mode.
    
3. Enter Credentials: Use the Tenant URL and Secret Token provided by your CSM in the "Admin Credentials" section.
    
4. Update Mappings: Configure the user attribute mappings to align with ApartmentIQ's supported fields, such as userName, emails[type eq "work"].value, name.givenName, and name.familyName.
    
5. Start Provisioning: Once configured, start the provisioning process to automatically sync users from Microsoft Entra to ApartmentIQ.
    

For information on configuring EntraID SCIM, please see this document.

SSO Frequently Asked Questions
 

Can SSO be restricted to specific email domains?

Yes. Administrators can configure ApartmentIQ to require SSO for certain email domains while exempting others. This is useful for hybrid organizations or vendor collaboration.
 

What if I don’t know which SSO provider my org uses?

Simply enter your email at app.apartmentiq.io. We’ll redirect you to the correct login method based on your domain.
 

What if my Identify Provider was not listed as an option?

Reach out to the ApartmentIQ Support Team - they can get you in contact with the right team to coordinate the integration into your idP.
 

Can I auto provision users and deactivate them using SCIM?

When provisioning users to ApartmentIQ using SCIM, the user can be created and deactivated. 

However, you will still need to go into the Manage Users section of your ApartmentIQ account to select a user role (Admin, Manager, Editor, or Read Only), and the properties this user should have access to. Currently, SCIM cannot accomplish this. 

Option 3: System-Level Sign-In

If your organization does not use SSO, users can sign in with a standard email/password combination managed by ApartmentIQ.
 

Initial Setup Steps
 

1. Contact your CSM or email support@apartmentiq.io with a list of users (ask for our user template). 
    
2. ApartmentIQ will provision user accounts.
    
3. Users can then log in at app.apartmentiq.io using:
   
   
   • Their email address
      
   • A password set during their first login or password reset
      

Still Have Questions?

For help with configuration, setup, or troubleshooting, contact:

• Your Customer Success Manager (CSM)
   
• Our Support Team