Microsoft Entra ID Identity Provider Integration
  • 11 Feb 2025

You can integrate your Microsoft Entra ID Identity Provider (IdP) with Axiad Mesh to ensure that your users are securely logging into the portal.

The integration requires updates on both Entra ID and Axiad Mesh.

Entra ID Configuration Steps

IMPORTANT

These steps are Axiad’s current understanding of the configuration. Since Entra ID is a third-party product, there may be slight variations between your experience and what the guide describes. We work hard to keep things as up to date as possible, but depending on versions in use, latest updates, etc., there may be some mismatches.

If you find any blatant differences or anything that does not make sense, then please provide feedback on this article.

Note

The Entra ID steps are similar for both integrations as an IdP and as a Connector with Axiad Mesh; however, it is important that each integration type has its own enterprise application in Entra ID to ensure that the permissions are assigned accordingly.

Create New Enterprise Application

  1. Log into the Microsoft Entra admin center as at least a Cloud Application Administrator

  2. Navigate to Identity > Enterprise applications

  3. Click New application

  4. On the Browse Microsoft Entra Gallery page, click Create your own application

  5. In the Create your own application modal, set the name to a friendly name

  6. Select Register an application to integrate with Microsoft Entra ID (App you’re developing)

  7. Click Create

  8. On the Register an application page, set the Name to the friendly name

  9. Select Accounts in this organizational directory only (Eagle 101 only - Single tenant)

Axiad Recommendation

We recommend that you create and test the integration with Axiad Mesh using a single tenant. Upon success, you can then change this setting to a multitenant environment as needed.

  10. Click Register

Configure Application Properties

  1. In the Entra admin console, navigate to Identity > Enterprise applications > All applications

  2. Locate and open your newly created application

  3. Under Manage in the menu, select Properties

  4. Select Yes for Enabled for users to sign-in?

  5. Select Yes for Assignment required?

  6. Select No for Visible to users?

  7. Click Save

  8. Copy the Application ID, as it will be required in the Axiad Configuration Steps

Configure Application Owners

  1. In the Entra admin portal, navigate to Identity > Applications > Enterprise applications > All applications

  2. Locate and open your newly created application

  3. Under Manage in the menu, select Owners

  4. In the Owners modal, search for and add desired application owners

  5. Once they are all added, click Save

Assign Users and Groups

  1. In the Entra admin portal, navigate to Identity > Applications > Enterprise applications > All applications

  2. Locate and open your newly created application

  3. Under Manage in the menu, select Users and groups

  4. Search for and select the desired application users and / or groups allowed to use Axiad Mesh

  5. Once the users / groups are added, click Save

Generate Client Secret

  1. In the Entra admin portal, navigate to Identity > Applications > Enterprise applications > All applications

  2. Locate and open your newly created application

  3. Under Manage in the menu, select Single sign-on

  4. On the OIDC-based Sign-on page, click Go to application in the Configure application properties section

  5. Under Manage in the menu, select Certificates & secrets

  6. Click New client secret

  7. On the Add a client secret page, provide a Description, set the Expires to the expiration time, and then click Add

  8. Once the secret is created, copy the Value from the Certificates & secrets page

IMPORTANT

You can only copy this value immediately after creating it, and it is required for the Axiad Configuration Steps. Be sure to copy this value now, because you will not have another opportunity; if you miss it, you will need to create a new client secret instead.
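The settings chosen in the Entra ID steps above can be checked after the fact. The following is an added example, not part of Axiad's or Microsoft's documentation: it assumes you have exported the enterprise application (service principal) and its app registration as Microsoft Graph JSON, and the function name `audit_entra_app`, the sample objects and the placeholder application ID are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def audit_entra_app(sp, app, now=None, warn_days=30):
    """Compare Graph objects with the guide's settings; return a list of findings."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if not sp.get("accountEnabled"):            # Enabled for users to sign-in? = Yes
        findings.append("sign-in is disabled for this application")
    if not sp.get("appRoleAssignmentRequired"):  # Assignment required? = Yes
        findings.append("assignment is not required: any user in the tenant can sign in")
    if "HideApp" not in sp.get("tags", []):      # Visible to users? = No sets the HideApp tag
        findings.append("application is visible to users (HideApp tag missing)")
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant registration
        findings.append(f"not single tenant (signInAudience={app.get('signInAudience')})")
    if sp.get("appId") != app.get("appId"):
        findings.append("service principal and app registration have different appId values")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret is present")
    for cred in secrets:
        # Graph returns UTC timestamps, sometimes with 7 fractional digits; keep whole seconds.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"client secret '{name}' expired on {end.date()}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{name}' expires in {(end - now).days} days")
    return findings

# Constructed sample objects (not real tenant data); the appId is a placeholder.
SAMPLE_SP = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "accountEnabled": True,
    "appRoleAssignmentRequired": False,   # deliberately wrong, to show a finding
    "tags": ["HideApp", "WindowsAzureActiveDirectoryIntegratedApp"],
}
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "signInAudience": "AzureADMyOrg",
    "passwordCredentials": [
        {"displayName": "axiad-mesh", "endDateTime": "2025-03-01T00:00:00.1234567Z"},
    ],
}

if __name__ == "__main__":
    for finding in audit_entra_app(SAMPLE_SP, SAMPLE_APP):
        print("FINDING:", finding)
```

An empty result means the exported objects match the properties, tenancy and client secret settings described above; the secret expiry check is worth re-running on a schedule, since an expired secret breaks sign-in through this IdP.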

Axiad Mesh Configuration Steps

Note

You can integrate your Entra ID IdP with Axiad either during the initial onboarding process as the primary IdP, or as a secondary IdP after you have configured another IdP as the primary IdP.

For more information about the initial onboarding process, please review the Axiad Mesh Admin Onboarding Guide.

Initial Onboarding Configuration

If you are adding Entra ID as your primary IdP during your initial onboarding, then complete the following steps.

  1. After clicking on the access link from the Axiad Mesh welcome email, you will be prompted to set up your primary IdP

  2. Set the Domain to the domain of your Entra ID environment

  3. Select Microsoft Entra ID from the Provider dropdown

  4. Set the Microsoft Entra Tenant ID to the Tenant ID of your Entra ID environment

  5. Fill in the fields with the values copied from the Entra ID Configuration Steps:

    • Set the Application (client) ID to the Application ID value copied in the Configure Application Properties section, step 8 above

    • Set the Client secret value to the Value copied in the Generate Client Secret section, step 8 above

  6. On the next screen, set the Admin groups based on which users you would like to be Axiad Mesh admins when logging in with Entra ID

Entra ID Group Limitations

Only users in the groups added in the Assign Users and Groups section above can access Axiad Mesh, so make sure that any group you add here is covered by the group assignments made in Entra ID.

  7. Click Continue and then you’ll be logged into the Axiad Mesh portal for the first time

Secondary IdP Configuration

If you already have your initial IdP connected and need to add a new one or you need to replace the existing one, then you can connect your Entra ID IdP from the Axiad Mesh administrative portal.

  1. From the homepage, click on the gear icon to get to the Settings page

  2. Select Identity providers from the left-hand menu and click + Add identity provider

  3. On the Add identity provider page, set the Domain to the domain of your Entra ID environment

  4. Select Microsoft Entra ID from the Provider dropdown

  5. Set the Microsoft Entra Tenant ID to the Tenant ID of your Entra ID environment

  6. Fill in the fields with the values copied from the Entra ID Configuration Steps:

    • Set the Application (client) ID to the Application ID value copied in the Configure Application Properties section, step 8 above

    • Set the Client secret value to the Value copied in the Generate Client Secret section, step 8 above

  7. Set the Admin groups based on which users you would like to be Axiad Mesh admins when logging in with Entra ID

Entra ID Group Limitations

Only users in the groups added in the Assign Users and Groups section above can access Axiad Mesh, so make sure that any group you add here is covered by the group assignments made in Entra ID.

  8. Once the fields are filled out, click Test Connection

  9. Upon a successful test, click Add & Connect

  10. Once completed, you’ll see the new IdP listed on the Identity providers page

