Ease the Xakia sign-in process for users by linking to your federated identity service with Microsoft Entra (formerly known as Azure Active Directory).
Xakia currently supports Federated Identity (also known as single sign-on) through Microsoft Entra (formerly known as Azure Active Directory) using the OpenID Connect (OIDC) protocol. This is available at all subscription levels.
In this article:
Setting up your Microsoft Entra in Xakia
Xakia's federated identity is configured at the Location Level, but will require the assistance of an Entra Directory Global Administrator for your organization. This is possibly someone from your internal IT team; that person may need to be added as a user in Xakia to manage this process.
In order to configure Federated Identity in Microsoft Entra, follow the steps below.
Configure Xakia
In Xakia:
Click on 'Admin' in the top navigation menu
Click on 'Security' in the left hand side menu
Select the 'Federated Identity' tab
In the 'Identity Provider' field, select ‘Azure Active Directory – SCIM’
Click ‘Save’ to confirm Azure Active Directory as your provider
Click 'Get the App' and this will take you to Microsoft Azure Active Directory
Please follow the prompts to accept the permissions for the terms of the application (see below).
Once these steps have been completed, the following fields will be automatically populated in Xakia:
Tenant ID
Consent Granted by (person who provided consent)
Consent granted on (date of acceptance in UTC)
SCIM Base URI
SCIM API Key
Take note of the ‘SCIM Base URI’ and ‘SCIM API Key’ for use later.
Note: We do not store the API Key, so make sure you copy this before navigating away. It can be regenerated later, but will have to be updated everywhere it has been used.
Configure Microsoft Entra (formerly known as Azure Active Directory):
Create a new Enterprise Application by going to Microsoft Entra (Azure Active Directory) -> Enterprise Applications and selecting new application. Then select ‘Create your own application’
Provide a name (Xakia SCIM) and select ‘Integrate any other application you don't find in the gallery’
Click ‘Create’
Once the application is created, select ‘Provisioning’ then click ‘Get started’
Select ‘Automatic’ as the provisioning mode
Enter the ‘SCIM Base URI’ value from Xakia into the ‘Tenant URL’ field
Enter the ‘SCIM API Key’ value from Xakia into the ‘Secret Token’ field
Click ‘Test Connection’ to ensure everything is configured correctly
Click ‘Save’
Once saved, under the ‘Mappings’ header, select ‘Provision Azure Active Directory Groups’
Toggle 'Enabled' to 'No' and then save
Navigate back to the provisioning settings. Then under the ‘Mappings’ header, select ‘Provision Azure Active Directory Users’
Under 'Target Object Actions', ensure that Create, Update & Delete are all checked
Ensure that the userName, email, active, name.givenName, name.familyName and externalId fields are mapped correctly. The userName and primary email fields must both be the email address the user will use to log in. All other fields can be removed.
Note: In some instances the externalId field is not immediately available. If need be, return to configure this field at a later time as it is a mandatory field and the integration will not work without it.
Click ‘Save’
Under 'Provisioning', ensure that the Provisioning is toggled to 'On'
When users are added to the application, they will be automatically provisioned into Xakia
Users who are new to Xakia will need to be invited from the Xakia Admin to complete the registration process
New Xakia users will be added with an access level of 'My Matters'. This can be adjusted by a Xakia Admin
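The attribute-mapping step above, as an added example that is not Xakia's or Microsoft's code: a Python check that a SCIM User payload carries the mandatory fields and that userName matches the primary email. It assumes the payload follows the standard SCIM core User layout (RFC 7643); the function names and sample payloads are constructed for illustration.

```python
# Added example: pre-flight check of a SCIM User payload against the mapping
# rules in the steps above. Assumes the RFC 7643 core User layout; names here
# are illustrative and not part of Xakia or Entra.
REQUIRED = ("userName", "externalId", "active", "name.givenName", "name.familyName")


def get_path(resource, dotted):
    """Follow a dotted path such as 'name.givenName' through nested dicts."""
    node = resource
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def primary_email(resource):
    """Return the email flagged primary, or the sole email if only one exists."""
    emails = resource.get("emails") or []
    flagged = [e.get("value") for e in emails if e.get("primary") is True]
    if len(flagged) == 1:
        return flagged[0]
    if not flagged and len(emails) == 1:
        return emails[0].get("value")
    return None


def check_user(resource):
    """Return a list of problems; an empty list means the mapping rules hold."""
    problems = [f"missing {p}" for p in REQUIRED if get_path(resource, p) in (None, "")]
    email = primary_email(resource)
    if not email:
        problems.append("missing primary email")
    elif str(resource.get("userName", "")).lower() != email.lower():
        problems.append("userName differs from primary email")
    return problems


# Constructed sample payloads (not captured from a real tenant).
GOOD = {
    "userName": "j.doe@example.com", "externalId": "constructed-id-001", "active": True,
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "j.doe@example.com", "type": "work", "primary": True}],
}
BAD = dict(GOOD, userName="jdoe")
del BAD["externalId"]

if __name__ == "__main__":
    for label, payload in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_user(payload) or "ok")
```

A payload with `active` set to false still passes, since a deactivated user is a valid mapped value rather than a missing one.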
User provisioning in Xakia
Syncing users to Xakia via SCIM is the recommended approach. However, if user provisioning is required from Xakia directly, go to Admin | Security | Federated Identity, select the 'Enable User Provisioning from Xakia' box and click 'Save'
This will allow a Xakia Admin to provision a new user in Xakia directly as a SSO user, by going to Security | Users | Add user
Complete all new user details as prompted and the Identity Provider field will default to 'Azure Active Directory - SCIM'
The new Xakia user will immediately have access to Xakia via SSO
Best practice is for the new user to also be added to the Xakia SCIM app in AAD to ensure they stay in sync