SAML 2.0 Authentication
AxonFlow supports SAML 2.0 (Security Assertion Markup Language) for enterprise authentication, enabling secure federated identity with your corporate identity provider.
What is SAML?
SAML 2.0 is an industry-standard protocol for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). It enables secure single sign-on without the user's password ever being transmitted to the service provider.
Benefits
Security
- No passwords transmitted to AxonFlow - Cryptographic assertions instead of credentials
- Signed assertions - Tamper-evident authentication tokens (any modification invalidates the signature)
- Encrypted data - Optional encryption for sensitive attributes
- Certificate-based trust - Established trust via X.509 certificates
Enterprise Integration
- Industry standard - Works with any SAML 2.0 compliant IdP
- Attribute mapping - Map IdP attributes to AxonFlow user properties
- Group claims - Sync group memberships for role assignment
- Just-in-time provisioning - Create users on first login
Supported Identity Providers
| Provider | SP-Initiated | IdP-Initiated |
|---|---|---|
| Okta | ✅ | ✅ |
| Azure AD (Entra ID) | ✅ | ✅ |
| OneLogin | ✅ | ✅ |
| Ping Identity | ✅ | ✅ |
| ADFS | ✅ | ✅ |
| Shibboleth | ✅ | ✅ |
SAML Flow
SP-Initiated SSO
The user starts at AxonFlow and is redirected to the IdP:
1. User → AxonFlow (request access)
2. AxonFlow → IdP (SAML AuthnRequest)
3. User → IdP (authenticate)
4. IdP → AxonFlow (SAML Response with Assertion)
5. AxonFlow → User (session created, access granted)
IdP-Initiated SSO
The user starts at the IdP and clicks the AxonFlow app:
1. User → IdP (click AxonFlow app)
2. IdP → AxonFlow (SAML Response with Assertion)
3. AxonFlow → User (session created, access granted)
Configuration Overview
As a SAML Service Provider, AxonFlow requires:
| Setting | Description |
|---|---|
| Entity ID | Unique identifier for AxonFlow SP |
| ACS URL | Assertion Consumer Service endpoint |
| IdP Metadata | Your IdP's SAML metadata |
| Certificate | IdP's signing certificate |
Your IdP requires:
| Setting | Description |
|---|---|
| SP Entity ID | AxonFlow's entity ID |
| ACS URL | AxonFlow's assertion consumer URL |
| Attribute Statements | User attributes to include |
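
The settings above are what a service provider checks each incoming response against. The following is an added example, not AxonFlow's code: it shows the checks an SP applies after signature verification and how they differ between the SP-initiated and IdP-initiated flows. The entity ID, ACS URL and sample response are constructed placeholders, and signature verification and hardened XML parsing are assumed to be handled by a vetted SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder SP settings (assumptions, not AxonFlow's real values).
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"
ACS_URL = "https://sp.example.test/saml/acs"

def _require(ok, reason):
    if not ok:
        raise ValueError(reason)

def _ts(value):
    _require(value is not None, "missing timestamp")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now, pending, seen, allow_idp_initiated=False):
    """Post-signature checks; assumes a SAML library already verified the signature."""
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    _require(assertion is not None, "no assertion")
    cond = assertion.find("a:Conditions", NS)
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    _require(cond is not None and scd is not None, "missing Conditions or SubjectConfirmationData")
    _require(resp.get("Destination") == ACS_URL == scd.get("Recipient"), "wrong Destination/Recipient")
    irt = resp.get("InResponseTo")
    if irt is None:  # IdP-initiated: no AuthnRequest to bind the response to
        _require(allow_idp_initiated, "unsolicited response not allowed")
    else:            # SP-initiated: must answer an AuthnRequest this SP actually sent
        _require(irt in pending, "unknown InResponseTo")
    _require(_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")), "outside validity window")
    audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    _require(SP_ENTITY_ID in audiences, "wrong audience")
    _require(assertion.get("ID") not in seen, "replayed assertion")
    seen.add(assertion.get("ID"))  # replay cache protects both flows
    pending.discard(irt)           # each AuthnRequest ID is single-use
    return assertion.findtext("a:Subject/a:NameID", namespaces=NS)

def sample_response(in_response_to=None, audience=SP_ENTITY_ID):
    """Constructed sample; real responses are signed and arrive base64-encoded at the ACS URL."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" ID="_r1" '
            f'Destination="{ACS_URL}"{irt}><saml:Assertion ID="_a1"><saml:Subject>'
            f'<saml:NameID>alice@example.test</saml:NameID><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>'
            f'</saml:Subject><saml:Conditions NotBefore="2024-01-01T00:00:00Z" '
            f'NotOnOrAfter="2024-01-01T00:05:00Z"><saml:AudienceRestriction><saml:Audience>'
            f'{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'</saml:Assertion></samlp:Response>')
```

Because an IdP-initiated response carries no `InResponseTo`, only the assertion-ID replay cache and the validity window limit its reuse, so the cache must persist at least until `NotOnOrAfter`.
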
Enterprise Feature
| Capability | Community | Enterprise |
|---|---|---|
| SAML 2.0 SP-initiated SSO | | ✅ |
| SAML 2.0 IdP-initiated SSO | | ✅ |
| Just-in-time user provisioning | | ✅ |
| Group claim mapping | | ✅ |
| SAML assertion logging | | ✅ |
SAML authentication is available exclusively with AxonFlow Enterprise. Contact sales to enable SAML for your organization.
Learn More
Enterprise customers can access detailed SAML documentation including:
- Complete setup guides for each identity provider
- Attribute mapping configuration
- Group-to-role mapping
- Troubleshooting and debugging
Access the Enterprise Documentation Portal for full implementation details.
Related
- Single Sign-On - SSO overview
- SCIM Provisioning - Automated user provisioning
- Identity Overview - Identity & Access overview