Single Sign-On Quick Start Guide

Introduction to Single Sign-On (SSO)

Axon provides an advanced Identity and Access Management (IAM) solution, which simplifies the creation and management of user and group accounts through Single Sign-On (SSO). SSO enhances security by authenticating users through their organization’s Active Directory, meaning that Axon never receives or stores usernames and passwords directly. Instead, it relies on a Security Assertion Markup Language (SAML)-enabled identity provisioning service, which authenticates credentials securely stored in your organization’s identity service, such as Microsoft Entra ID.

Once configured, users no longer need to remember separate passwords for every Axon application. When accessing Axon applications, users are redirected to their identity provider's sign-in portal. Upon successful sign-in, the portal confirms the validity of the user with Axon, granting them access. This approach not only streamlines the user experience but also maintains a high level of security by centralizing credential management.

SSO can be implemented at any stage, whether your organization has been using Axon applications for a long time, or is at the beginning of a new deployment.

The following figure shows an example where the identity provisioning service is in the organization's Active Directory.

An example workflow of an identity provisioning service within an organization's Active Directory.

Get started with SSO

  1. Review SSO implementation needs: Begin by understanding the key decisions you need to make. Any SAML 2.0 compatible SSO system can be used with the Axon platform. While we provide detailed guides for certain providers, our solution is tested to be compatible with a wide range of identity providers such as Duo, Google, Workspace, and more. Review the Considerations for Implementing SSO to choose an identity provider that complements Axon's features and capabilities.

  2. Initiate user registration and sign-in procedures: Set up the SSO-enabled user registration and familiarize yourself with the sign-in process. The User Registration and Sign-In with SSO article will guide you through the steps.

  3. Configure your identity provider: Choose your identity provider from the options below for comprehensive setup instructions:

    1. Microsoft Entra ID

    2. Microsoft Active Directory Federation Services

    3. Okta Identity

  4. Configure Certificate Based Authentication (CBA) for SSO on mobile devices (optional): Axon supports CBA for use with mobile devices and the most recent versions of Axon mobile apps. Learn more about the prerequisites and about integration with a Mobile Device Manager.

  5. Confirm your SSO setup: After configuring your identity provider, it's crucial to verify that SSO is functioning as expected.

Note

A new SSO sign-in experience was introduced for Axon Interview Room in version 4.13. Enabling SSO in the Interview Room client software Admin Config is essential for those using the legacy authentication system. To ensure uninterrupted access, the legacy SSO settings will continue to be available to those agencies.

SSO tips

  • Provisioning users: When adding users to Axon, consider using bulk-add options for efficiency, especially if you're managing a large number of accounts. Learn more about User Registration and Sign-In with SSO.

  • Identity provider selection: We strongly recommend that you provision a cloud-based identity provider that supports both Single Sign-On and directory synchronization with Axon to take full advantage of current and upcoming capabilities. Learn more about Considerations for Implementing SSO.

  • Backup authentication: Ensure there's a process for administrative sign-in that doesn't rely on SSO, to maintain access in the event of an SSO outage.

  • Mobile device authentication: For mobile device access, review our guide on Certificate-Based Authentication for SSO on Mobile Devices.

Additional Resources

For further guidance and detailed information on configuring SSO with Axon, refer to the following resources: