Overview
This guide will walk you through integrating the Axiom Security application with Azure Entra ID using SAML authentication.
Prerequisites
To configure SSO, you need:
An Azure account with access to Azure Entra ID (formerly Azure Active Directory)
Administrative access to your Azure Entra ID tenant
Your Axiom Security customer name
A step-by-step guide
Navigate to Azure Entra ID - In the Azure portal, use this link or click on "Azure Active Directory" or "Azure Entra ID" in the left-hand menu.
Access Enterprise Applications - In the Entra ID dashboard, click on "Enterprise applications" in the left-hand menu.
Create a New Application - Click on "New application" at the top of the Enterprise applications page. - Select "Create your own application" from the options presented.
Configure the Application - Name: Enter a name for your application (e.g., "Axiom Security").
Select "Integrate any other application you don't find in the gallery (Non-gallery)". Click "Create" to add the application.
Set Up Single Sign-On - In the newly created application's menu, click on "Single sign-on" in the left-hand menu.
Select "SAML" as the single sign-on method.
Configure SAML Settings - In the "Basic SAML Configuration" section, click "Edit" and enter the following details:
Identifier (Entity ID): urn:auth0:axiom-production:{CustomerName} (Replace {CustomerName} with your actual Axiom Security customer name)
Reply URL (Assertion Consumer Service URL): https://login.axiom.security/login/callback?connection={CustomerName} (Replace {CustomerName} with your actual Axiom Security customer name)
Sign on URL: Leave this blank unless specified by Axiom Security
Click "Save" to apply these settings.
Configure User Attributes & Claims - In the "User Attributes & Claims" section, ensure that the following claims are present:
Unique User Identifier (Name ID): user.userprincipalname [nameid format: emailAddress]
Important! Make sure the value used for Name ID is the primary user email.
givenname: user.givenname
surname: user.surname
emailaddress: user.mail
If any of these are missing, add them by clicking "Edit" and then "Add new claim".
Download SAML Certificate - In the "SAML Signing Certificate" section, download the Base64 certificate.
Get Login URL and Azure AD Identifier - Copy the "Login URL" and "Azure AD Identifier" from the "Set up Axiom Security" section.
Assign Users - In the application's left-hand menu, click on "Users and groups". - Click "Add user/group" to assign users or groups who should have access to Axiom Security.
Provide Information to Axiom Security - Send the following information to Axiom Security or enter it in their configuration portal: - SAML Certificate (the Base64 certificate you downloaded) - Login URL (Azure AD SAML endpoint) - Azure AD Identifier (Issuer URL).
Test the Configuration - Return to the "Single sign-on" page of your application. - Click the "Test" button to verify the SAML configuration. - Follow the prompts to test the sign-in process.
Troubleshooting
If you encounter any issues, check the following:
Ensure all URLs and identifiers are correctly entered without typos.
Verify that the {CustomerName} placeholder is replaced with your actual Axiom Security customer name.
Check that the assigned users have the necessary permissions in both Azure Entra ID and Axiom Security.
Review the Azure AD sign-in logs for any error messages or failed authentication attempts.
Contact Azure support or Axiom Security's customer support team for further assistance.
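To check the first two troubleshooting items against a real sign-in, the following added example (not Axiom Security's or Microsoft's code) inspects a decoded SAML response from the "Test" step for the Identifier, Reply URL, Name ID format and claims this guide configures. The customer name "acme" and the sample response are constructed, and the claim names are assumed to sit in Entra's default claim namespace.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the claims use Entra's default claim namespace.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED = ("givenname", "surname", "emailaddress")

def check_response(xml_text, customer):
    """List configuration problems in a decoded SAML response (no signature check)."""
    entity_id = f"urn:auth0:axiom-production:{customer}"
    reply_url = f"https://login.axiom.security/login/callback?connection={customer}"
    root = ET.fromstring(xml_text)  # only feed it your own captured test response
    problems = []
    if root.get("Destination") != reply_url:
        problems.append("Destination differs from the Reply URL")
    if root.findtext(".//saml:Audience", namespaces=NS) != entity_id:
        problems.append("Audience differs from the Identifier (Entity ID)")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in REQUIRED:
        if not attrs.get(CLAIMS + claim):
            problems.append(f"claim missing or empty: {claim}")
    email = attrs.get(CLAIMS + "emailaddress") or ""
    if name_id is not None and (name_id.text or "").lower() != email.lower():
        problems.append("NameID value differs from the emailaddress claim")
    return problems

# Constructed response for the made-up customer "acme", with two deliberate faults:
# the {CustomerName} placeholder left in the Audience, and no surname claim.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://login.axiom.security/login/callback?connection=acme">
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">jo@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>urn:auth0:axiom-production:{{CustomerName}}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Jo</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>jo@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE, "acme")))
```

The response posted to the Reply URL arrives Base64-encoded in the SAMLResponse form field, so decode it before passing it to check_response.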
SSO Logo - link