Microsoft Entra (formerly known as Azure Active Directory) Federated identity and Single Sign on (SSO)

Make the Xakia sign-in process easy for users by linking to your federated identity service with Microsoft Entra (formerly known as Azure Active Directory).

Xakia currently supports Federated Identity (also known as single sign-on) via Microsoft Entra, using the OpenID Connect (OIDC) protocol. This is available at all subscription levels.


Setting up Microsoft Entra (Azure Active Directory) in Xakia

Xakia's federated identity is configured at the Location Level, but will require the assistance of a Microsoft Entra Global Administrator for your organization. This is possibly someone from your internal IT team, who may need to be added as a user in Xakia to manage this process.

In order to configure Federated Identity in Microsoft Entra, please follow the steps below:

  • Click on 'Admin' in the top navigation menu

  • Click on 'Security' in the left hand menu

  • Select the 'Federated identity' tab

  • In the 'Identity provider' field, select "Azure Active Directory - Sync Job"

  • Click 'Save' to confirm Microsoft Entra as your provider

  • Click 'Get the app'

  • This will take you to Microsoft Entra

  • Please follow the prompts to accept the permissions for the application

Once these steps have been completed, the following fields will be automatically populated in Xakia:

  • Tenant ID

  • Consent Granted by (person who provided consent)

  • Consent granted on (date of acceptance in UTC)

Note: Xakia requires read access to your Microsoft Entra Directory in order to synchronize authorized users into Xakia. This allows Xakia administrators to configure roles, groups and access levels for those users in Xakia.

Adding and removing users in Microsoft Entra

Once Xakia is connected to your Microsoft Entra, your Microsoft Entra Global Administrator can manage users by following this process. (This person will be familiar with this process when adding users to a connected user group):

  • Within Microsoft Entra, select the 'Enterprise applications' blade

  • Select the Xakia application from the list

  • Select the 'Users and Groups' blade

  • Click '+ Add User' from the top tool bar

  • Select users and/or groups from your internal team to add to Xakia by clicking 'Assign'

After all steps have been completed in Microsoft Entra, please return to Xakia and click 'Sync Users Now'. An automatic sync will occur daily, but if you wish to prompt this process manually (when users have been added or removed), you may do so at any time.

If you are using the "Azure Active Directory - Sync Job" identity provider, you can manually sync new user information by following these steps:

  • Go to the Admin area in Xakia

  • Then select Security on the left hand side

  • Select the Federated Identity Tab

  • Under User Sync, click the 'Sync Users Now' button

Multiple locations

By default, the Xakia user sync process will bring any user assigned to the Xakia Microsoft Entra App into the location. This is fine for clients with a single location. However, clients with multiple locations will note that the user sync process will bring the same set of users from Microsoft Entra into all Xakia locations. Most clients will want to have a separate set of users for each location. To achieve this, Xakia clients with multiple locations will need to consider using a Microsoft Entra Group for each location to ensure that only the desired set of users is brought into each location.

  • Create a Security Group in Microsoft Entra that corresponds to the Xakia users in the given location

  • Allocate the desired Microsoft Entra users to the Microsoft Entra Group created above

  • Assign the group created above to the Xakia Microsoft Entra App. If your Microsoft Entra plan does not allow this, you must ensure that each individual user in the group is assigned to the Xakia Microsoft Entra App

  • In the Xakia Federated Identity configuration screen, set the 'User Sync Group' field to the name of the Microsoft Entra Group created above and click 'Save'

  • Click the 'Sync Users Now' button to initiate a user sync

  • Repeat for each desired location

Note: Only the users in Microsoft Entra that have been assigned to the Xakia Microsoft Entra App (either directly or transitively through a group) AND are a member of the given User Sync Group are brought in to the location.
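The sync rule above can be checked against your directory data before clicking 'Sync Users Now'. The following is an added example, not Xakia's or Microsoft's code: it models the rule on constructed data and reports locations with no User Sync Group (which receive every assigned user), users who land in more than one location, and sync-group members who will be skipped because they are not assigned to the app. All group names, user names and function names are hypothetical, and it assumes only direct group members count.

```python
# Constructed sample data (not from a real tenant); all names are hypothetical.
GROUP_MEMBERS = {
    "Xakia-Sydney": {"ana@example.com", "ben@example.com"},
    "Xakia-London": {"ben@example.com", "cho@example.com", "dev@example.com"},
}
# Assignments on the Xakia enterprise app: individual users and whole groups.
APP_USERS = {"cho@example.com", "eve@example.com"}
APP_GROUPS = {"Xakia-Sydney"}
# 'User Sync Group' per Xakia location; None means the field was left empty.
SYNC_GROUP = {"Sydney": "Xakia-Sydney", "London": "Xakia-London", "Perth": None}


def assigned_to_app(app_users, app_groups, members):
    """Users assigned to the app directly or through an assigned group.
    Assumption: only direct members of an assigned group count."""
    assigned = set(app_users)
    for group in app_groups:
        assigned |= members.get(group, set())
    return assigned


def synced_users(sync_group, assigned, members):
    """Documented rule: assigned to the app AND member of the User Sync Group.
    With no sync group set, the location receives every assigned user."""
    return {
        loc: set(assigned) if grp is None else assigned & members.get(grp, set())
        for loc, grp in sync_group.items()
    }


def audit(sync_group, assigned, members):
    """Report three conditions worth reviewing before a sync is triggered."""
    per_loc = synced_users(sync_group, assigned, members)
    scoped = {loc for loc, grp in sync_group.items() if grp is not None}
    seen = {}
    for loc in sorted(scoped):
        for user in per_loc[loc]:
            seen.setdefault(user, []).append(loc)
    return {
        "unscoped_locations": sorted(set(sync_group) - scoped),
        "in_multiple_locations": {u: l for u, l in seen.items() if len(l) > 1},
        "in_group_not_assigned": {
            loc: sorted(members.get(sync_group[loc], set()) - assigned)
            for loc in sorted(scoped)
            if members.get(sync_group[loc], set()) - assigned
        },
    }


ASSIGNED = assigned_to_app(APP_USERS, APP_GROUPS, GROUP_MEMBERS)
REPORT = audit(SYNC_GROUP, ASSIGNED, GROUP_MEMBERS)
```

In practice the membership and assignment sets would be exported from Microsoft Entra rather than typed in; the audit logic stays the same.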

Inviting users and managing the user profile in Xakia

After users have been synced with Microsoft Entra (this may take a few minutes), they will be visible in Xakia:

  • Navigate to the 'Users' tab in the 'Security' section of the 'Admin' area

  • Use the filter on the top right hand corner and select 'All Users' from the drop down list

  • All users are now listed and the following user profile attributes can be assigned individually:

    • Role (defaults to mid-level lawyer)

    • Group (defaults to show no Group membership)

    • Access (defaults to All Matters)

    • Analytics access (defaults to no)

Note: The 'Role' assigned at this stage will have an effect on Xakia's Delegated Authority Limits functionality. For more information, read this article.

  • You can go ahead and send an invitation to each user (or those who are new to the system). Users will receive an invitation and must complete their registration as follows:

    • Click link in email

    • Accept the Privacy Policy

    • Click Register

User access under Microsoft Entra

Following registration, clients who are in their Microsoft Entra environment (e.g. Office 365) will be required only to enter their username (i.e. email address) in order to access Xakia, but not their password.

Internal Clients

Once you have set up SSO in Xakia, Internal Clients can also log into the Internal Client Portal via Microsoft Entra. If the internal client is set up through Microsoft Entra, they can access the Internal Client Portal directly through the Portal URL.

When visiting the Portal for the first time, they will be provisioned automatically when they enter their email address.

Note: You should not add them to the user Group in Microsoft Entra, as Xakia will recognize them as users of the platform (as opposed to the Internal Client Portal).

Frequently Asked Questions

Q: What happens if a user's name or email address changes?

A: The Xakia Microsoft Entra synchronization tool robustly handles changes in a user's name or email address over time.
