The Xakia authentication system implements OpenID Connect (and OAuth 2) standards. The Outlook add-in and main application implement an Authorization Code flow with PKCE.
From a user’s perspective, the following occurs:
- The user opens the App/Outlook add-in
- If the user is not authenticated, the auth flow begins, redirecting the user to the Xakia global auth service
- The user enters their email and the global auth service performs realm discovery to determine the IDP for that user
- The user is redirected to the downstream IDP, where they authenticate
- Upon successful authentication, the IDP calls back to the Xakia global auth service, which issues a token
- A callback to the App/Outlook add-in then completes the auth flow with the bearer token
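The PKCE part of the flow above, as an added example (not Xakia's own code): the client generates a code verifier and its S256 challenge before redirecting, and the auth service recomputes the challenge from the verifier presented at the token endpoint before issuing the token. The endpoint URLs and client id are placeholders, since the page does not give them.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholders: the real Xakia auth service and add-in URLs are not on the page.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
REDIRECT_URI = "https://app.example.invalid/callback"


def b64url_nopad(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: high-entropy verifier; 32 random bytes give 43 unreserved chars."""
    return b64url_nopad(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """Client side: S256 transform, BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(client_id: str, state: str, challenge: str) -> str:
    """Client side: the redirect to the global auth service carries only the challenge,
    never the verifier, so an observer of the redirect cannot redeem the code."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def verify_code_verifier(stored_challenge: str, presented_verifier: str) -> bool:
    """Auth service side: the challenge stored with the authorization code must match the
    challenge recomputed from the verifier sent to the token endpoint. A code captured from
    the callback without the verifier fails here, which is the protection PKCE adds."""
    if not 43 <= len(presented_verifier) <= 128:
        return False  # RFC 7636 length bounds; reject before hashing
    return secrets.compare_digest(stored_challenge, make_code_challenge(presented_verifier))
```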
Xakia implements the standard security mechanisms recommended for SPAs, such as CORS and content security policies.
If you require more information or support, you can get in touch with the Support team here or email support@xakiatech.com.