This guide walks you through integrating Azure Active Directory (Azure AD / Microsoft Entra ID) Single Sign-On with Axya. Once configured, your users can log in to Axya using their existing Microsoft credentials — no separate password needed.
Send the following information to Axya's security team at security@axya.co:
| Information | Description |
|---|---|
| User domain name | The email domain used for SSO (e.g., user@yourcompany.com) |
| Application (Client) ID | The unique identifier assigned to your registered Azure AD application |
| Client secret | The secret key generated in "Certificates & Secrets" |
| Authorization endpoint URL | OAuth 2.0 Authorization Endpoint (v2) |
| Token endpoint URL | OAuth 2.0 Token Endpoint (v2) |
| Test account | A test user with valid Azure AD credentials for Axya to validate the SSO flow |
Important: Set a reminder to rotate the client secret before it expires. If the secret expires, SSO will stop working until a new one is configured.
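One way to automate that reminder, as an added example that is not part of Axya's or Microsoft's documentation: the function below reads the JSON that `az ad app credential list --id <client-id>` prints for an app registration and reports secrets that are expired or close to expiry. The sample input, its display names and the 30-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample in the shape of Microsoft Graph passwordCredential objects.
SAMPLE = """[
  {"keyId": "00000000-0000-0000-0000-000000000001",
   "displayName": "axya-sso-old", "endDateTime": "2024-03-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002",
   "displayName": "axya-sso", "endDateTime": "2024-06-20T09:15:30.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003",
   "displayName": "other-app", "endDateTime": "2025-06-01T00:00:00Z"}
]"""


def parse_graph_time(value):
    """Parse a Graph timestamp, tolerating 'Z' and 7-digit fractional seconds."""
    value = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def secrets_needing_rotation(credentials_json, now, warn_days=30):
    """Return (status, days_left, label) for each secret that needs attention."""
    findings = []
    for cred in json.loads(credentials_json):
        label = cred.get("displayName") or cred.get("keyId") or "<unnamed>"
        end = cred.get("endDateTime")
        if not end:
            # No expiry recorded: flag it for a manual check.
            findings.append(("UNKNOWN", None, label))
            continue
        days_left = (parse_graph_time(end) - now).days  # negative once expired
        if days_left < 0:
            findings.append(("EXPIRED", days_left, label))
        elif days_left <= warn_days:
            findings.append(("EXPIRING", days_left, label))
    return findings


if __name__ == "__main__":
    for status, days_left, label in secrets_needing_rotation(
            SAMPLE, datetime.now(timezone.utc)):
        print(f"{status:9} {label} (days left: {days_left})")
```

Run on a schedule against the real command output, this gives the rotation warning without relying on a calendar entry.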
This is a critical step. An Azure AD tenant administrator must grant consent for the Axya application to authenticate users in your organization.
Alternatively, the administrator can grant consent directly via a URL:
`https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}`
Replace {tenant-id} with your Azure AD tenant ID and {client-id} with the Application (Client) ID.
Without admin consent, users will see a "Need admin approval" error when attempting to log in via SSO. This is an Azure AD requirement — it ensures the tenant administrator has explicitly authorized the application.
Email the following to security@axya.co:
The Axya security team will configure the SSO connection and provide the Redirect URI for your Azure AD application if not already shared.
"Need admin approval" error
The tenant administrator has not yet granted consent. Complete Step 4 above.
"Reply URL does not match" error
The Redirect URI in your Azure AD app registration does not match what Axya expects. Contact security@axya.co to confirm the correct Redirect URI.
Users are not being redirected to Azure AD
SSO may not yet be enabled for your domain. Confirm with Axya that the configuration is complete.
Client secret expired
Generate a new client secret in Azure AD (Step 3) and send the new value to security@axya.co.
Note: This guide covers the general Azure AD SSO setup. Configuration steps may vary depending on your Azure AD version and organizational policies. Refer to the official Microsoft documentation for the most current instructions.
For assistance, contact the Axya security team at security@axya.co.