Example: SAML Based Authentication with Microsoft Active Directory (AD)
  • 11 Dec 2023

The following example describes how to enable SAML-based authentication in Axonius with Microsoft Active Directory (AD) (Microsoft Entra ID). The step-by-step example below uses Windows Server 2016, but the same logic applies to other versions of Microsoft Active Directory (AD) as well.

  1. Download the metadata file provided by Axonius from the link: https://<axonius_hostname>/api/login/saml/metadata/

  2. Log in to an Active Directory server as an administrator, and open the Active Directory Federation Services (AD FS) management tool. Click "Relying Party Trusts" and then "Add Relying Party Trust".

  3. Select "Claims Aware" and click "Start".

  4. Select "Import data about the relying party from a file" and select the metadata file. Then click "Next".

  5. Specify a display name for the application and click "Next".

  6. Choose an access control policy and click "Next".

  7. Click "Next" and then "Close".

  8. From the list of Relying Party Trusts, select the relying party trust you just created. Make sure that it is enabled, then right-click it and select "Edit Claim Issuance Policy".

  9. Click "Add Rule" and select the "Send LDAP Attributes as Claims" template, then click "Next".

  10. Fill in the details to send Axonius the id, first name and last name of any user who signs in. Then click "Finish" and "OK".

  11. Log in to Axonius as an administrator, navigate to System Setting Categories/Subcategories pane -> GUI -> Login, and enable SAML-based logins. Use the metadata URL for your domain:
    https://[[ADFS server name]]/FederationMetadata/2007-06/FederationMetadata.xml
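
The AD FS side of the steps above (download the metadata, create the relying party trust, add the LDAP claims rule) can also be scripted with the AD FS PowerShell cmdlets, with a check on the metadata before it is trusted. This is an added example, not part of the Axonius documentation; the hostname, trust name, access control policy and the LDAP-attribute-to-claim mapping (sAMAccountName, givenName, sn) are assumptions to replace with your own values.

```powershell
# Added example. All values in this block are placeholders/assumptions.
$AxoniusHost  = 'axonius.example.com'   # stands in for <axonius_hostname>
$TrustName    = 'Axonius'               # display name of the relying party trust
$PolicyName   = 'Permit everyone'       # access control policy; pick the one you require
$MetadataFile = Join-Path $env:TEMP 'axonius-saml-metadata.xml'

# Download the service provider metadata published by Axonius.
Invoke-WebRequest -Uri "https://$AxoniusHost/api/login/saml/metadata/" -OutFile $MetadataFile

# Before importing, confirm every assertion consumer endpoint in the file
# uses HTTPS and points at the expected Axonius host.
[xml]$md = Get-Content -Path $MetadataFile -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$acs = $md.SelectNodes('//md:AssertionConsumerService', $ns)
if ($acs.Count -eq 0) { throw 'No AssertionConsumerService found in metadata.' }
foreach ($ep in $acs) {
    $uri = [uri]$ep.GetAttribute('Location')
    if ($uri.Scheme -ne 'https' -or $uri.Host -ne $AxoniusHost) {
        throw "Unexpected ACS endpoint: $($uri.OriginalString)"
    }
}

# Claim rule equivalent to the "Send LDAP Attributes as Claims" template.
# Assumed mapping: sAMAccountName -> Name ID, givenName -> Given Name, sn -> Surname.
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send user id, first name and last name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";sAMAccountName,givenName,sn;{0}", param = c.Value);
'@

# Create the claims-aware relying party trust from the metadata file.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataFile `
    -AccessControlPolicyName $PolicyName -IssuanceTransformRules $Rules -Enabled $true

# Review what was created: identifier, enabled state, policy and claim rules.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Format-List Name, Enabled, Identifier, AccessControlPolicyName, IssuanceTransformRules
```

Run it in an elevated session on the AD FS server; the final step in Axonius is still done in its GUI.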
