Identity & Access Management

AxonFlow Enterprise provides comprehensive identity and access management features to integrate with your existing enterprise identity infrastructure.

Capabilities

Feature	Description	Availability
API Key Authentication	Client ID and secret-based authentication for programmatic access	Community
Single Sign-On (SSO)	Federated authentication via your identity provider	Enterprise
SAML 2.0	Industry-standard SAML authentication	Enterprise
SCIM 2.0 Provisioning	Automated user lifecycle management	Enterprise

API Key Authentication (Community)

Every AxonFlow deployment supports API key authentication using the X-Client-Id and X-Client-Secret headers. This is the standard authentication method for the Community Edition:

# Authenticate with API key headers
curl -X POST http://localhost:8080/api/v1/query/execute \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: my-tenant" \
  -H "X-Client-Secret: your-client-secret" \
  -d '{
    "query": "What are the top customers by revenue?",
    "provider": "openai",
    "model": "gpt-4o"
  }'

SDK clients pass these credentials at initialization:

import { AxonFlow } from '@axonflow/sdk';

const client = new AxonFlow({
  endpoint: 'http://localhost:8080',
  clientId: 'my-tenant',
  clientSecret: 'your-client-secret',
});

tip

API key authentication works for all Community and Enterprise deployments. Enterprise customers can layer SSO/SAML on top for browser-based access while keeping API keys for programmatic integrations.

Why Enterprise Identity?

Zero Manual User Management

When integrated with your identity provider, user lifecycle is fully automated:

User assigned in IdP → Automatically created in AxonFlow
User updated in IdP  → Automatically synced to AxonFlow
User removed in IdP  → Automatically deactivated in AxonFlow

Security & Compliance

• Centralized authentication - Single source of truth for user identity
• Instant deprovisioning - Users lose access immediately when terminated
• Audit trail - All identity operations are logged
• MFA enforcement - Leverage your IdP's MFA policies

Regulatory Requirements

SOC 2 Type II, HIPAA, and PCI-DSS all require centralized identity management with automated deprovisioning and access reviews. Enterprise identity features provide the controls auditors look for: SSO enforces authentication standards, SCIM automates joiner/mover/leaver workflows, and identity audit logging generates the evidence trail.

Supported Identity Providers

AxonFlow integrates with major identity providers:

Provider	SSO	SAML	SCIM
Okta	✅	✅	✅
Azure AD (Entra ID)	✅	✅	✅
OneLogin	✅	✅	✅
Ping Identity	✅	✅	✅
JumpCloud	✅	✅	✅
Google Workspace	✅	✅	-

SCIM 2.0 Provisioning

SCIM (System for Cross-domain Identity Management) automates the entire user lifecycle between your identity provider and AxonFlow. When you assign the AxonFlow application in your IdP, users and groups are automatically created, updated, and deactivated in AxonFlow without any manual intervention.

Key SCIM capabilities:

• User provisioning - Create users in AxonFlow when assigned in your IdP
• User deprovisioning - Deactivate users instantly when removed from your IdP
• Group sync - Map IdP groups to AxonFlow roles for role-based access control
• Profile sync - Keep user attributes (name, email, department) synchronized

Example: SCIM user provisioning request from your IdP to AxonFlow:

POST /scim/v2/Users
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "[email protected]",
  "name": {
    "givenName": "Jane",
    "familyName": "Doe"
  },
  "emails": [
    { "value": "[email protected]", "primary": true }
  ],
  "active": true
}

This is handled automatically by your IdP (Okta, Azure AD, OneLogin). You configure the SCIM endpoint once and your IdP manages all provisioning operations.

See the SCIM setup guides for provider-specific configuration.

Community vs Enterprise

Feature	Community	Enterprise
Authentication
API key authentication	✅	✅
License key authentication	✅	✅
Single Sign-On
SSO via identity provider		✅
SAML 2.0 authentication		✅
User Provisioning
SCIM 2.0 user provisioning		✅
SCIM user deprovisioning		✅
SCIM group sync		✅
Group-to-role mapping		✅
Management
Token management UI		✅
Identity audit logging		✅

Architecture

┌─────────────────────────────────────────────────────────────┐
│                    Identity Provider                        │
│              (Okta, Azure AD, OneLogin)                     │
└─────────────────┬─────────────────────┬─────────────────────┘
                  │                     │
            ┌─────▼─────┐         ┌─────▼─────┐
            │   SAML    │         │   SCIM    │
            │   Auth    │         │   Sync    │
            └─────┬─────┘         └─────┬─────┘
                  │                     │
┌─────────────────▼─────────────────────▼─────────────────────┐
│                    AxonFlow Platform                        │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────────┐   │
│  │   Sessions   │  │    Users     │  │   Role Mappings  │   │
│  └──────────────┘  └──────────────┘  └──────────────────┘   │
└─────────────────────────────────────────────────────────────┘

Getting Started

Enterprise Customers

1. Configure SSO/SAML - Set up authentication in Settings > Identity
2. Enable SCIM - Create provisioning token in Settings > SCIM
3. Configure IdP - Point your identity provider to AxonFlow endpoints
4. Test Integration - Verify login and provisioning flows

Access detailed guides in the Enterprise Documentation Portal.

Interested in Enterprise?

Enterprise Identity Management

Centralized identity management is a requirement for SOC 2, HIPAA, and PCI-DSS compliance. Enterprise identity features give you SSO, SCIM provisioning, and full identity audit trails. Compare Editions | Request Demo | AWS Marketplace

Related Documentation

• Authentication - SDK authentication methods
• Security Best Practices - Security guidelines
• Audit Logging - Audit trail configuration