Make the Xakia sign-in process easy for users by linking to your federated identity service with Azure Active Directory.
Xakia currently supports Federated Identity (also known as single sign-on) via Azure Active Directory, using the OpenID Connect (OIDC) protocol. This is available at all subscription levels.
In this article:
- Setting up your Azure Active Directory in Xakia
- Adding and removing users in Azure Active Directory
- Multiple locations
- Inviting users and managing the user profile in Xakia
- Frequently Asked Questions
Setting up your Azure Active Directory in Xakia
Xakia's federated identity is configured at the Location Level, but will require the assistance of an Azure Active Directory Global Administrator for your organization. This is possibly someone from your internal IT team who may need to be added as a user in Xakia to manage this process.
In order to configure Federated Identity in Azure Active Directory, please follow the steps below:
- Click on 'Admin' in the top navigation menu
- Click on 'Security' in the left hand menu
- Select the 'Federated identity' tab
- In the 'Identity provider' field, select "Azure Active Directory - Sync Job"
- Click 'Save' to confirm Azure Active Directory as your provider
- Click 'Get the app'
- This will take you to the Microsoft Azure Active Directory
- Please follow the prompts to accept the permissions for the terms of application (see below)
Once these steps have been completed, the following fields will be automatically populated in Xakia:
- Tenant ID
- Consent Granted by (person who provided consent)
- Consent granted on (date of acceptance in UTC)
Note: Xakia requires read access to your Azure Active Directory in order to synchronize authorized users into Xakia. This allows Xakia administrators to configure roles, groups and access levels for those users in Xakia.
Adding and removing users in Azure Active Directory
Once Xakia is connected to your Azure Active Directory, your Azure Active Directory Global Administrator can manage users by following this process (this person will be familiar with it from adding users to a connected user group):
- Within Azure Active Directory, select the 'Enterprise applications' blade
- Select the Xakia application from the list
- Select the 'Users and Groups' blade
- Click '+ Add User' from the top tool bar
- Select users and/or groups from your internal team to add to Xakia by clicking 'Assign'
After all steps have been completed in Azure Active Directory, please return to Xakia and click 'Sync Users Now'. An automatic sync will occur daily, but if you wish to prompt this process manually (when users have been added or removed), you may do so at any time.
Multiple locations
By default, the Xakia user sync process will bring any user assigned to the Xakia Azure AD App into the location. This is fine for clients with a single location. However, clients with multiple locations will note that the user sync process will bring the same set of users from Azure AD into all Xakia locations. Most clients will want to have a separate set of users for each location. To achieve this, Xakia clients with multiple locations will need to consider using an Azure AD Group for each location to ensure that only the desired set of users is brought into each location.
- Create a Security Group in Azure AD that corresponds to the Xakia users in the given location
- Allocate the desired Azure AD users to the Azure AD Group created above
- Assign the group created above to the Xakia Azure AD App. If your Azure AD plan does not allow this, you must ensure that each individual user in the group is assigned to the Xakia Azure AD App
- In the Xakia Federated Identity configuration screen, set the 'User Sync Group' field to the name of the Azure AD Group created above and click 'Save'
- Click the 'Sync Users Now' button to initiate a user sync
- Repeat for each desired location
Note: Only the users in Azure AD that have been assigned to the Xakia Azure AD App (either directly or transitively through a group) AND are a member of the given User Sync Group are brought into the location.
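The rule in the note above can be checked on paper before clicking 'Sync Users Now'. The following is an added example, not Xakia or Microsoft code: it models the rule on constructed data (all group names, users and locations are hypothetical, and groups are assumed to be flat) and reports the gaps an administrator would want to catch.

```python
# Constructed sample data; every name below is hypothetical.
GROUP_MEMBERS = {
    "Xakia-Sydney": {"alice@example.com", "bob@example.com"},
    "Xakia-London": {"carol@example.com", "dave@example.com", "bob@example.com"},
}
# Principals assigned to the Xakia Azure AD App: groups and/or individual users.
APP_ASSIGNMENTS = {"Xakia-Sydney", "carol@example.com", "bob@example.com",
                   "erin@example.com"}
# 'User Sync Group' value configured in each Xakia location.
LOCATION_SYNC_GROUP = {"Sydney": "Xakia-Sydney", "London": "Xakia-London"}


def assigned_users():
    """Users assigned to the app directly or through an assigned group."""
    users = set()
    for principal in APP_ASSIGNMENTS:
        # Assumption: groups are flat; nested groups are not modelled.
        users |= GROUP_MEMBERS.get(principal, {principal})
    return users


def synced_users(location):
    """Assigned to the app AND a member of the location's User Sync Group."""
    return assigned_users() & GROUP_MEMBERS[LOCATION_SYNC_GROUP[location]]


def audit():
    """Predict each location's user set and list likely misconfigurations."""
    assigned = assigned_users()
    synced = {loc: synced_users(loc) for loc in LOCATION_SYNC_GROUP}
    counts = {}
    for users in synced.values():
        for user in users:
            counts[user] = counts.get(user, 0) + 1
    return {
        "synced": synced,
        # In a sync group but never assigned to the app: will not be synced.
        "unassigned_members": {loc: GROUP_MEMBERS[grp] - assigned
                               for loc, grp in LOCATION_SYNC_GROUP.items()},
        # Assigned to the app but in no sync group: lands in no location.
        "assigned_no_location": assigned - set().union(*synced.values()),
        # Present in more than one location: confirm this is intended.
        "multi_location": {u for u, n in counts.items() if n > 1},
    }
```

Replace the three dictionaries with an export of your own group memberships and app assignments to review the expected result for each location.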
Inviting users and managing the user profile in Xakia
After users have been synced with Azure Active Directory (this may take a few minutes), they will be visible in Xakia:
- Navigate to the 'Users' tab in the 'Security' section of the 'Admin' area
- Use the filter in the top right-hand corner and select 'All Users' from the drop-down list
- All users are now listed and the following user profile attributes can be assigned individually:
- Role (defaults to mid-level lawyer)
- Group (defaults to show no Group membership)
- Access (defaults to All Matters)
- Analytics access (defaults to no)
- You can go ahead and send an invitation to each user (or those who are new to the system)
Users will receive an invitation and must complete their registration as follows:
- Click the link in the email
- Click 'Register'
User access under Azure Active Directory
Following registration, clients who are in their Azure environment (e.g. Office 365) will be required only to enter their username (i.e. email address) in order to access Xakia, but not their password.
Once you have set up SSO in Xakia, Internal Clients can also log into the Internal Client Portal via Azure Active Directory. If the internal client is set up through your Azure Active Directory, they can access the Internal Client Portal directly through the Portal URL.
When visiting the Portal for the first time, they will be provisioned automatically when they enter their email address.
Note: You should not add them to the user Group in AAD, as Xakia will then recognize them as users of the platform (as opposed to the Internal Client Portal).
Frequently Asked Questions
Q: What happens if a user's name or email address changes?
A: The Xakia Azure Active Directory synchronization tool robustly handles changes in a user's name or email address over time.