Skip to main content

Microsoft Entra (formerly known as Azure Active Directory) Federated Identity and Single Sign On (SSO)

Make Xakia sign-ins a breeze by linking it to Microsoft Entra for effortless single sign-on!

Updated yesterday

Xakia supports Federated Identity (also known as Single Sign-On) through Microsoft Entra (formerly Azure Active Directory) via the OpenId Connect (OIDC) protocol. This feature is available to all subscription levels.

With Microsoft Entra (Azure AD) federated identity, you can create and manage users through a sync job maintained by Xakia. This sync job runs daily but can also be triggered manually as needed.

Non legal team users should not be added to the group.

Only legal team users should be added to the group. Note that any user added to the group will become a billable Xakia user.

In the event that non legal team members are accidentally added as billable Xakia users, the Xakia support team can help clean this up, however this will attract a service fee.

  • If you are interested in utilizing Microsoft Entra's SCIM functionality to manage Xakia users in Microsoft Entra, you can still configure it

Configure Microsoft Entra (Azure AD) SCIM federated identity

  • If your team is using Azure Directory Federation Services (AD FS), please use this guide to configure it

Configure Azure Directory Federation Services (AD FS) Single Sign On

Note: To set up Microsoft Entra federated identity, a Microsoft Entra system administrator must configure OIDC within Microsoft Entra.

IMPORTANT: Creating a Xakia Support Account on your Xakia Location is highly recommended to ensure minimal downtime during the transition. Xakia Location Administrator access is required to set up Single-Sign On. Please ensure that the member of IT managing Microsoft Entra has a Xakia Location Admin user account set up. This account can be configured without Matter or Contract access and set as non-billable by contacting Xakia Support.

Setting up Microsoft Entra (Azure Active Directory) in Xakia

Federated identity is configured at the Location level in Xakia but requires assistance from a Microsoft Entra Global Administrator.

To configure Federated Identity in Microsoft Entra, please follow the steps below:

  • Navigate to 'Admin' > 'Users & Security' > 'Federated identity'

  • In the 'Identity provider' field, select "Azure Active Directory - Sync Job"

  • Click 'Save' to confirm Microsoft Entra as your provider

  • Click 'Get the app'

  • This will take you to Microsoft Entra

  • Please follow the prompts to accept the permissions for the terms of the application (see below)

After completing these steps, Xakia will automatically populate the following fields:

  • Tenant ID

  • Consent Granted by (person who provided consent)

  • Consent Granted on (date of acceptance in UTC)

Note: Xakia requires read access to your Microsoft Entra Directory to synchronize authorized users, allowing administrators to configure roles, groups, and access levels in Xakia.

Provisioning Users in Xakia

Once Xakia is authorized to access your Entra ID directory your Entra ID Global Administrator can manage users by following the process below:

  1. Create a new Security group in Entra ID. This can be done via the Azure Portal or the Microsoft 365 Admin Center. Note that only Security groups are supported. Microsoft 365 groups are not.

  2. Add legal team members to this group

  3. Enter the group's name as the 'User Sync Group' in the Xakia admin page.

  4. Click the 'Sync Users Now' button to trigger an immediate sync (this can take up to 5 minutes)

    • You can verify that users have been synced as expected from the Security page in Xakia Admin

Non legal team users should not be added to the group.

Only legal team users should be added to the group. Note that any user added to the group will become a billable Xakia user.

In the event that non legal team members are accidentally added as billable Xakia users, the Xakia support team can help clean this up, however this will attract a service fee.

Note: The sync process happens automatically every day to ensure that users' details are kept up to date in Xakia, but you can also manually sync users by clicking 'Sync Users Now,' e.g., when new users have been added or if users have been removed.

Whenever a user sync occurs, the following happens:

  • New users in the sync group are added to Xakia that do not have Xakia accounts are added to Xakia

  • Deactivated Xakia accounts are reactivated if users are in the sync group

  • Users removed from the sync group are deactivated in Xakia

  • Updated email addresses, first names, and last names are reflected in Xakia

Important note! When Entra ID is synced with Xakia, it serves as the source of truth for managing users.

  • Therefore, when removing users or changing users' details, it is best to do this in Entra ID. If such changes are made directly in Xakia, a user sync from Entra ID will likely undo your changes.

Inviting and Managing Users in Xakia

After users have been synced with Microsoft Entra (this may take a few minutes), they will be visible in Xakia:

  • Navigate to 'Admin' > 'Users & Security' > 'Users'

  • Use the filter on the top right to select 'All Users'

You'll see a list of users, where you can assign the following attributes:

  • Role (defaults to mid-level lawyer)

  • Group (defaults to no group membership)

  • Access (defaults to All Matters)

  • Analytics Access (defaults to none)

Note: The 'Role' assigned at this stage will have an effect on Xakia's Delegated Authority Limits functionality.

Learn How to Set Up Delegated Authority Limits!

You can now send invitations to new users. Once they receive the email, they need to:

  • Click the link

  • Accept the Privacy Policy

  • Click Register

    • Users will receive an invitation and must complete their registration as follows:

User Access with Microsoft Entra

After registering, users in the Microsoft Entra environment (e.g., Office 365) only need to enter their username (e.g., email address) to access Xakia; no password is required.

Internal Clients

Once you've set up SSO in Xakia, Internal Clients can log into the Internal Client Portal via Microsoft Entra. They can access the portal directly through the Portal URL if they're set up through Microsoft Entra.

The first time they visit the Portal, they will be automatically provisioned by entering their email address.

Ensure that the Xakia app in Entra ID Enterprise Applications has the "Assignment required?" option set to "No" - this allows any user in your Entra ID tenant to authenticate with this application. Once authenticated, they will be auto-provisioned in Xakia as an Internal Client user.

Make sure the Xakia app in Entra ID Enterprise Applications has the 'Assignment required?' option set to 'No.' This allows any user in your Entra ID tenant to authenticate. Once authenticated, they'll be automatically provisioned as Internal Client users in Xakia.

Non legal team users should not be added to the group.

Only legal team users should be added to the group. Note that any user added to the group will become a billable Xakia user.

In the event that non legal team members are accidentally added as billable Xakia users, the Xakia support team can help clean this up, however this will attract a service fee.

Did this answer your question?