Azure AD (Entra ID) — Integration

Overview

SSO via Microsoft Entra ID using OIDC or SAML, with Conditional Access support and optional SCIM provisioning.

Capabilities

• OIDC and SAML single sign-on

• Group/role claim mapping to AccessGuard roles

• Conditional Access compatibility (device/compliance/geo)

• Optional SCIM 2.0 user & group provisioning

• Multi-tenant or single-tenant app registrations

• JWKS discovery and automatic key rotation

1. 1

   Step 1

   In Entra admin center, create an App registration; enable ID tokens (OIDC) or configure Enterprise app (SAML).

   Back to top
2. 2

   Step 2

   Note the Issuer (Tenant ID), Client ID, and create a Client Secret (for OIDC).

   Back to top
3. 3

   Step 3

   In AccessGuard → Settings → SSO, add **Azure AD** and paste the credentials or SAML metadata.

   Back to top
4. 4

   Step 4

   Map groups/roles from Azure AD claims to AccessGuard roles.

   Back to top
5. 5

   Step 5

   Optionally enable SCIM and provide the SCIM endpoint and token from AccessGuard.

   Back to top
6. 6

   Step 6

   Test login and verify Conditional Access prompts as required.

   Back to top

Limitations

• SCIM requires appropriate Entra licensing and admin consent.

• Group claims may require directory settings for overage scenarios (large groups).

• SAML entity IDs and reply URLs must exactly match the configured values.

FAQs

Pricing