Search documentation
karat

+

K

Set up your Apollo Hub

The Apollo Hub is the central environment that manages all of your connected environments. This page outlines the items that your Palantir representative will work with you to configure.

Domain name

There are two possible formats for your Apollo URL:

  • https://<environment-name>.palantircloud.com: This format will be used when the Hub is dedicated for one customer.
  • https://<environment-name>.palantirapollo.com: This format will be used when the Hub is shared with multiple customers.

In both of these formats, <environment-name> will be substituted with an environment name that you can define.

Kubernetes cluster egress

Provide your local Kubernetes cluster egress IPs to your Palantir representative. They will add them to your Apollo Hub allowlist.

Contact your Palantir representative to add more clusters or if your IPs change.

SSO provider integration

Apollo's permission model is based on role-based access controls. Every action and API has an associated permission that you can grant to an Apollo Team. These can be managed in Apollo and mirrored from an SSO provider.

To get started, provide the following details to your Palantir representative:

  • Entity ID: A unique ID identifying Apollo for the identity provider in a URN format like urn:uuid:$[UUID].
  • Assertion Consumer Service (ACS) URL: The Apollo endpoint that accepts SAML response messages to establish a session based on an assertion.
  • Single logout URL: The Apollo endpoint that accepts SAML single logout requests from the identity provider.
  • Certificate: Used for signing the SAML messages sent to the identity provider.

After you have connected your SSO provider, you can configure groups, teams, and backup settings approvers.

After your Hub is set up, you can get started using Apollo.