
Microsoft Entra ID (Azure AD) Federated Identity and Single Sign-On with SCIM Configuration

Make signing into Xakia a breeze with Microsoft Entra’s SCIM and SSO setup

Updated over 2 weeks ago

Ease the Xakia sign-in process by linking to your federated identity service with Microsoft Entra (formerly Azure Active Directory).


Non-legal team users should not be added to the Xakia SCIM application.

Important: Only add legal team users to the Xakia SCIM application. Any user added becomes a billable Xakia user. Accidental additions can be cleaned up by Xakia support for a service fee.

Prerequisites:

  • Xakia Location Administrator access

  • Microsoft Entra Global Administrator access

  • Recommended: Set up a Xakia Support Account by contacting Xakia support before beginning


The Microsoft Entra (Azure AD) SCIM federated identity option requires a Microsoft Entra system administrator to configure SCIM within Microsoft Entra.

Before configuring Microsoft Entra (Azure AD) SCIM federated identity using the steps below, it is highly recommended to set up a Xakia Support Account on your Xakia Location to ensure minimal downtime during your switch to Microsoft Entra (Azure AD) SCIM federated identity. You can set this account up by contacting the Xakia support team.

Note: Xakia Location Administrator access is required to set up Single Sign-On. Please ensure that the member of IT managing Microsoft Entra has a Xakia Location Admin user account set up. This account can be configured without Matter or Contract access and set as non-billable by contacting Xakia Support.


Setup

Xakia's federated identity is configured at the Location Level, but will require the assistance of an Entra Directory Global Administrator for your organization. This is possibly someone from your internal IT team who may need to be added as a user in Xakia to manage this process.

In order to configure Federated Identity in Microsoft Entra, follow the steps below.

Step 1: Configure Xakia

  1. Go to 'Admin' > 'Users & Security' > 'Federated Identity' tab

  2. Select Azure Active Directory – SCIM as the Identity Provider

  3. Click Save

  4. Click 'Get the App' and accept the application permissions

  5. Verify the Xakia SCIM SSO enterprise application was created in Azure

  6. Copy and save the SCIM Base URI and SCIM API Key from Xakia (API Key cannot be retrieved later)

Step 2: Configure Microsoft Entra

1. Go to 'Microsoft Entra' > 'Enterprise Applications' > 'New application'

2. Click Create your own application

3. Name it "Xakia SCIM" and select 'Integrate any other application you don't find in the gallery'

4. Click Create

Configure Provisioning:

5. Select 'Provisioning' > 'Get started'

6. Set 'Provisioning Mode' to 'Automatic'

7. Enter SCIM Base URI in Tenant URL field

8. Enter SCIM API Key in Secret Token field

9. Click 'Test Connection', then 'Save'

Configure Mappings:

10. Select 'Provision Azure Active Directory Users'

11. Ensure 'Create', 'Update', and 'Delete' are checked under 'Target Object Actions'

12. Verify these fields are mapped correctly:

  • userName (email)

  • email (email)

  • active

  • name.givenName

  • name.familyName

  • externalId

13. Remove all other field mappings

14. Click 'Save'

Note: If externalId is not available, wait 15 minutes, refresh Entra ID, and configure. If still unavailable, contact Xakia Support.

Enable Provisioning

17. Toggle 'Provisioning' to 'On'

18. Add legal team users via Users and Groups (individual users or groups)

19. New users receive My Matters access by default (adjustable by Xakia Admin)

Test Provisioning (Optional):

20. Go to Provision On Demand to test with a single user

21. Check Provisioning Logs to confirm success

22. Standard provisioning runs every 40 minutes
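
Before toggling provisioning on, the settings from steps 11 to 13 and the user assignments from step 18 can be reviewed against this article. The following is an added example, not Xakia or Microsoft code: the `CONFIG` layout is hypothetical (values transcribed by hand from the Entra mapping screen and the app's Users and Groups list), the source attribute names and addresses are constructed sample data, and assigned groups are assumed to be already expanded to individual email addresses.

```python
# Added example: pre-enable review of the settings from steps 11-13 and 18.
# The CONFIG layout is hypothetical, not an Entra or Xakia export format.
REQUIRED_TARGETS = {"userName", "email", "active",
                    "name.givenName", "name.familyName", "externalId"}
REQUIRED_ACTIONS = {"Create", "Update", "Delete"}


def review(config, legal_team):
    """Return findings; an empty list means the setup matches the article."""
    findings = []
    # Step 11: all three Target Object Actions must be checked.
    for action in sorted(REQUIRED_ACTIONS - set(config["actions"])):
        findings.append(f"action not enabled: {action}")
    mappings = config["mappings"]            # target field -> source attribute
    # Step 12: every listed field is mapped. Step 13: nothing else is.
    for target in sorted(REQUIRED_TARGETS - set(mappings)):
        findings.append(f"required mapping missing: {target}")
    for target in sorted(set(mappings) - REQUIRED_TARGETS):
        findings.append(f"extra mapping to remove: {target}")
    # The article lists both userName and email as "(email)".
    if {"userName", "email"} <= set(mappings) and \
            mappings["userName"] != mappings["email"]:
        findings.append("userName and email use different sources")
    # Step 18: only legal team users belong in the app (each one is billable).
    legal = {addr.strip().lower() for addr in legal_team}
    assigned = {addr.strip().lower() for addr in config["assigned_users"]}
    for addr in sorted(assigned - legal):
        findings.append(f"assigned but not legal team: {addr}")
    return findings


# Constructed sample data (not from a real tenant).
LEGAL_TEAM = ["alice@example.com", "bob@example.com"]
CONFIG = {
    "actions": ["Create", "Update"],         # Delete left unchecked
    "mappings": {
        "userName": "userPrincipalName",
        "email": "mail",
        "active": "accountEnabled",
        "name.givenName": "givenName",
        "name.familyName": "surname",
        "jobTitle": "jobTitle",              # should have been removed
    },
    "assigned_users": ["Alice@example.com", "carol@example.com"],
}

if __name__ == "__main__":
    for line in review(CONFIG, LEGAL_TEAM):
        print(line)
```

With 'Delete' unchecked, user deletions in Entra are not sent to Xakia, so that finding matters for offboarding as well as for matching the article.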

Troubleshooting

Manual User Provisioning from Xakia

If SCIM provisioning fails, you can provision users directly in Xakia:

1. Go to 'Admin' > 'Settings' > 'Users & Security' > 'Federated Identity'

2. Check 'Enable User Provisioning' from Xakia and click 'Save'

3. Go to 'Users & Security' > 'Users' > 'Add user'

4. Complete user details (Identity Provider defaults to Azure Active Directory - SCIM)

5. User immediately has SSO access

6. Best practice: Also add the user to the Xakia SCIM app in Entra ID to maintain sync

ExternalId Field Missing

If the externalId field is not available during mapping:

  • Wait 15 minutes after initial setup

  • Refresh Entra ID and configure the mapping

  • If still unavailable, contact Xakia Support

Testing Best Practices

Do:

  • Test directly in your production Xakia location with a single pilot user

  • Use your production IDP and real users

  • Existing users continue signing in normally during testing

Don't:

  • Create separate test Xakia locations

  • Use test IDP tenants or instances

  • Exception: Microsoft Entra (Sync Job) supports multiple tenants

Provisioning Interval

Automatic provisioning runs every 40 minutes.

  • Use Provision On Demand for immediate testing

  • Check Provisioning Logs for verification

If you are still having issues, please contact support through the chat button in the lower right-hand corner.
