Single Sign-On overview
Understanding the nuances of each identity provider's compatibility with Axon is important for a successful SSO implementation. This article guides you through the essential considerations to ensure that your organization is well-prepared for this integration.
Choose an identity provider
While Axon's systems are compatible with any identity provider that supports Security Assertion Markup Language (SAML) 2.0, Axon strongly recommends that organizations provision a cloud-based identity provider such as Microsoft Entra ID if they plan to leverage automatic directory synchronization for users and groups.
If mobile access is a requirement, consider how Certificate-Based Authentication (CBA) will integrate with your chosen identity provider. Learn more in our mobile authentication guide.
The following table outlines the compatibility of some available identity providers with Axon's directory synchronization capabilities:
| Identity Provider | Supports Single Sign-On | Supports Directory Synchronization with Axon |
|---|---|---|
| Microsoft Active Directory Federation Services | Yes | Supported (with Axon Directory Sync software installed) |
| Microsoft Entra ID | Yes | Supported |
| OKTA Identity | Yes | Not supported |
| Other identity providers who support SAML and System for Cross-Domain Identity Management (SCIM) based directory synchronization |
Yes |
Not supported
|
Administrative sign-in during SSO unavailability
Axon provides a means for administrators to sign in to your organization without using SSO, ensuring access to your data in the event of SSO misconfiguration or if your SAML-enabled identity provider is unavailable. This feature must be enabled for your organization for administrators to be able to bypass SSO. Steps to configure this access are provided in the identity provider setup instructions. Choose your identify provider below to get started:
If SSO is enabled and you can't access your Axon tenant, go to the page at the following URL and sign in with your Axon credentials (not the credentials you use with your identity provider):
https://id.<Region>.evidence.com/login?domain=<AgencyDomain>.<Region>.evidence.com&skipSso=1
The <region> entry is only required if it is included in your agency URL (examples: us.evidence.com, ca.evidence.com, or ent.evidence.com).
If you have forgotten your Axon credentials, or never set a password before, you can reset your credentials from the sign-in page. You might not have a password if SSO was enabled prior to your tenure as the current admin.
Additional Resources
For further guidance and detailed information on configuring SSO with Axon, refer to the following resources:
For further guidance and detailed information on configuring SSO with Axon, refer to the following resources:
-
Configure SSO with Microsoft Entra ID: Integrate Microsoft Azure Active Directory with Axon .
-
Configure SSO with Microsoft Active Directory Federation Services: Integrate Microsoft Active Directory Federation Services with Axon .
-
Configure SSO with Okta Single Sign-On:Integrate Okta Identity with Axon .
-
Configure Certificate-Based Authentication for SSO on Mobile Devices.
