
Azure AD Integration

Enterprise single sign-on with Microsoft Entra ID (Azure AD), featuring SCIM provisioning, conditional access, and seamless identity lifecycle management.

Features

Comprehensive Azure AD Integration

Leverage your existing Azure AD investment for unified identity and access management.

SAML & OIDC SSO

Enterprise single sign-on with SAML 2.0 and OpenID Connect support for seamless authentication.

SCIM Provisioning

Automatic user and group provisioning with SCIM 2.0 for synchronized identity lifecycle management.

Conditional Access

Leverage Azure AD Conditional Access policies with MFA passthrough and device trust validation.

Group Sync

Automatic synchronization of Azure AD groups to TigerAccess roles for dynamic access control.

Capabilities

Enterprise-Grade Identity Integration

SAML 2.0 authentication
OpenID Connect (OIDC)
SCIM 2.0 provisioning
Real-time group sync
Conditional Access integration
MFA passthrough
Device Trust validation
Hybrid identity support
Attribute mapping
PIM integration
User lifecycle automation
Multi-tenant support

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with Azure AD for enterprise SSO.

Step 1. Create Enterprise Application

Register TigerAccess as an enterprise application in your Azure AD tenant and configure SAML or OIDC.

# Azure AD Application Settings
Application ID: your-app-id
Directory (tenant) ID: your-tenant-id
Redirect URI: https://your-tigeraccess.com/v1/webapi/oidc/callback
Sign-on URL: https://your-tigeraccess.com
Reply URL: https://your-tigeraccess.com/v1/webapi/saml/acs

Step 2. Configure SSO Connector

Add the Azure AD connector in TigerAccess with your tenant information and attribute mappings.

tacctl sso add azuread \
  --tenant-id=your-tenant-id \
  --client-id=your-client-id \
  --client-secret=your-client-secret \
  --issuer-url=https://login.microsoftonline.com/your-tenant-id/v2.0 \
  --display-name="Company Azure AD"

Step 3. Enable SCIM Provisioning

Configure SCIM provisioning in Azure AD to automatically sync users and groups to TigerAccess.

# In Azure AD Enterprise Application > Provisioning
Tenant URL: https://your-tigeraccess.com/v1/webapi/scim
Secret Token: <generated-from-tigeraccess>

# Test connection and enable provisioning
# Users and groups will sync automatically

Use Cases

Real-World Azure AD Scenarios

Enterprise SSO Deployment

Enable single sign-on for all employees using existing Azure AD credentials, eliminating password sprawl and improving security posture.

Zero Trust Architecture

Combine Azure AD Conditional Access with TigerAccess just-in-time access for comprehensive zero trust implementation with device trust and MFA.

Automated Onboarding

Automatically provision users and sync group memberships from Azure AD to TigerAccess, reducing IT overhead and ensuring access is always up to date.

Hybrid Identity Management

Support hybrid environments with on-premises Active Directory synced to Azure AD, providing unified access control across cloud and on-prem resources.

FAQ

Frequently Asked Questions

What is the difference between SAML and OIDC for Azure AD integration?

Both SAML 2.0 and OpenID Connect (OIDC) provide single sign-on capabilities. OIDC is a modern protocol built on OAuth 2.0, offering simpler implementation and better support for mobile apps and APIs. SAML 2.0 is the traditional enterprise standard with broader legacy application support. TigerAccess supports both protocols, and you can choose based on your organizational requirements. OIDC is recommended for new deployments.

How does SCIM provisioning work with Azure AD?

SCIM (System for Cross-domain Identity Management) 2.0 is a standard protocol for automated user provisioning. When enabled, Azure AD automatically creates, updates, and deactivates user accounts in TigerAccess based on your Azure AD directory. This includes real-time synchronization of user attributes (email, name, department) and group memberships, ensuring that access permissions are always current. Changes in Azure AD are reflected in TigerAccess within minutes.
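The lifecycle the answer describes (Azure AD probes for an existing user, creates it, updates attributes, and deactivates it by setting active to false) can be modelled with a small in-memory SCIM 2.0 user store. This is an added example written for this page; it is not TigerAccess code, and the store, the filter parser and the two PATCH shapes it handles are assumptions about what a provisioning endpoint receives, not a description of the product's endpoint.

```python
"""In-memory model of the SCIM 2.0 user lifecycle that Azure AD drives:
lookup by filter, create, and PATCH (attribute update / deactivation).
Added example only; TigerAccess's real SCIM endpoint is not shown here."""
from typing import Dict, List

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class ScimUserStore:
    """Keys users by the IdP's externalId so a retried POST from the
    provisioning service is idempotent instead of creating a duplicate."""

    def __init__(self) -> None:
        self._users: Dict[str, dict] = {}        # local id -> resource
        self._by_external: Dict[str, str] = {}   # externalId -> local id
        self._counter = 0

    def find(self, filter_expr: str) -> List[dict]:
        # The provisioning service probes with: userName eq "alice@contoso.com"
        attr, op, raw = filter_expr.split(" ", 2)
        if op != "eq":
            raise ValueError("only 'eq' filters are supported in this example")
        value = raw.strip('"')
        return [u for u in self._users.values() if u.get(attr) == value]

    def create(self, body: dict) -> dict:
        if SCIM_USER not in body.get("schemas", []):
            raise ValueError("unsupported schema")
        ext = body.get("externalId")
        if ext and ext in self._by_external:        # retry of an earlier POST
            return self._users[self._by_external[ext]]
        if self.find(f'userName eq "{body["userName"]}"'):
            raise ValueError("409 uniqueness: userName already exists")
        self._counter += 1
        user = {
            "schemas": [SCIM_USER],
            "id": f"u{self._counter}",
            "externalId": ext,
            "userName": body["userName"],
            "displayName": body.get("displayName", ""),
            "active": bool(body.get("active", True)),
        }
        self._users[user["id"]] = user
        if ext:
            self._by_external[ext] = user["id"]
        return user

    def patch(self, user_id: str, body: dict) -> dict:
        """Applies the two PATCH shapes seen from Azure AD provisioning:
        {"op":"Replace","path":"active","value":false} and
        {"op":"Replace","value":{"active":false}}."""
        if SCIM_PATCH not in body.get("schemas", []):
            raise ValueError("unsupported schema")
        user = self._users[user_id]
        for op in body.get("Operations", []):
            kind = op.get("op", "").lower()
            if kind != "replace":
                raise ValueError(f"unsupported op {kind!r} in this example")
            changes = {op["path"]: op["value"]} if "path" in op else dict(op["value"])
            for attr, value in changes.items():
                user[attr] = _as_bool(value) if attr == "active" else value
        return user

    def may_sign_in(self, user_name: str) -> bool:
        """Deactivated users stay on record for audit but cannot sign in."""
        matches = self.find(f'userName eq "{user_name}"')
        return bool(matches) and matches[0]["active"]


def _as_bool(value) -> bool:
    # The active flag may arrive as a JSON bool or as the strings "True"/"False".
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


if __name__ == "__main__":
    store = ScimUserStore()
    alice = store.create({"schemas": [SCIM_USER], "externalId": "aad-1",
                          "userName": "alice@contoso.com", "active": True})
    store.patch(alice["id"], {"schemas": [SCIM_PATCH], "Operations": [
        {"op": "Replace", "path": "active", "value": "False"}]})
    print(alice["userName"], "may sign in:", store.may_sign_in(alice["userName"]))
```

The detail worth carrying into a real endpoint is the externalId index: the provisioning service retries failed requests, so a create that is not idempotent ends up with two accounts for one directory object, and the deactivation later only reaches one of them.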

Can TigerAccess honor Azure AD Conditional Access policies?

Yes. TigerAccess integrates with Azure AD Conditional Access by validating authentication tokens that include conditional access claims. This means policies like MFA requirements, device compliance checks, location-based access, and sign-in risk policies are enforced. When a user authenticates through Azure AD, TigerAccess respects the MFA authentication and device trust signals, providing seamless zero trust security.
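To make the token side of this concrete, the following added example checks an ID token's claims against the issuer and client id configured in the setup steps and against a Conditional Access expectation (MFA performed). It is not TigerAccess code: the placeholder issuer, tenant and client id come from the setup section, the signature is assumed to have been verified against the tenant's JWKS before these checks run, and the demo token is constructed locally so the block runs offline.

```python
"""Claim checks on an Azure AD ID token after signature verification.
Added example, not TigerAccess code; constants are the placeholders from
the setup section and the demo token is built locally."""
import base64
import json
import time
from typing import List

EXPECTED_ISSUER = "https://login.microsoftonline.com/your-tenant-id/v2.0"
EXPECTED_TENANT = "your-tenant-id"
EXPECTED_AUDIENCE = "your-client-id"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def claims_from_verified_jwt(token: str) -> dict:
    """Extracts the payload of a compact JWT whose signature was already
    verified upstream; this function itself performs no cryptography."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def policy_failures(claims: dict, now: int, require_mfa: bool = True) -> List[str]:
    """Returns the checks the token fails; an empty list means accept."""
    failures: List[str] = []
    if claims.get("iss") != EXPECTED_ISSUER:
        failures.append("issuer mismatch")
    if claims.get("tid") != EXPECTED_TENANT:
        failures.append("tenant mismatch")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        failures.append("audience mismatch")
    if int(claims.get("exp", 0)) <= now:
        failures.append("token expired")
    if int(claims.get("nbf", 0)) > now:
        failures.append("token not yet valid")
    # A Conditional Access policy that required MFA shows up as "mfa" in the
    # amr (authentication method reference) claim of the ID token.
    if require_mfa and "mfa" not in claims.get("amr", []):
        failures.append("mfa not performed")
    return failures


def build_demo_token(claims: dict) -> str:
    """Builds a demo token with a placeholder signature segment so the
    checks above can be exercised without a key or network access."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'placeholder-signature')}"


if __name__ == "__main__":
    now = int(time.time())
    demo = build_demo_token({"iss": EXPECTED_ISSUER, "tid": EXPECTED_TENANT,
                             "aud": EXPECTED_AUDIENCE, "exp": now + 600,
                             "nbf": now - 60, "amr": ["pwd"], "sub": "user-1"})
    print(policy_failures(claims_from_verified_jwt(demo), now))  # ['mfa not performed']
```

The order of the checks matters less than their completeness: issuer, tenant and audience stop tokens issued to a different application or tenant, the time window stops replay of old tokens, and the amr check is where the "MFA passthrough" listed under Capabilities is actually honoured on the relying-party side.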

Does Azure AD group sync support nested groups?

Yes. TigerAccess supports synchronization of nested Azure AD groups. When a user is a member of a nested group, TigerAccess automatically resolves the group hierarchy and assigns the appropriate roles. This works with both SCIM provisioning and direct group claim mappings in SAML/OIDC tokens. You can map Azure AD groups to TigerAccess roles for dynamic access control.
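Resolving "the group hierarchy" means walking from the user's direct groups up through every group that contains them and collecting the roles along the way, while not looping on a group that (through misconfiguration) contains itself. The example below is added for this page and is not TigerAccess code: the group graph, group names and role mapping are constructed sample data, and the graph can be fed from SCIM group resources or any other source of nested membership.

```python
"""Transitive group resolution and group-to-role mapping, cycle-safe.
Added example, not TigerAccess code; all names below are constructed."""
from collections import deque
from typing import Dict, Iterable, List, Set

# group -> groups that are its direct members (constructed sample data)
MEMBER_GROUPS: Dict[str, Set[str]] = {
    "all-engineering": {"platform-team", "data-team"},
    "platform-team": {"sre-oncall"},
    "sre-oncall": set(),
    "data-team": set(),
    "contractors": {"contractors"},   # self-reference must not loop forever
}

# Only some groups carry roles; the rest exist purely for nesting.
ROLE_MAP: Dict[str, str] = {
    "all-engineering": "viewer",
    "platform-team": "ssh-prod",
    "sre-oncall": "break-glass",
}


def parents_index(member_groups: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Inverts member lists into child -> parent groups for the upward walk."""
    parents: Dict[str, Set[str]] = {}
    for parent, children in member_groups.items():
        for child in children:
            parents.setdefault(child, set()).add(parent)
    return parents


def effective_groups(direct: Iterable[str], member_groups: Dict[str, Set[str]]) -> Set[str]:
    """Every group the user is in directly or through nesting.
    The visited set makes cycles and diamonds terminate."""
    parents = parents_index(member_groups)
    seen: Set[str] = set()
    queue = deque(direct)
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(parents.get(group, ()))
    return seen


def roles_for(direct: Iterable[str],
              member_groups: Dict[str, Set[str]] = MEMBER_GROUPS,
              role_map: Dict[str, str] = ROLE_MAP) -> List[str]:
    """Sorted, de-duplicated roles implied by the user's effective groups."""
    groups = effective_groups(direct, member_groups)
    return sorted({role_map[g] for g in groups if g in role_map})


if __name__ == "__main__":
    print(roles_for(["sre-oncall"]))   # ['break-glass', 'ssh-prod', 'viewer']
    print(roles_for(["contractors"]))  # []
```

Two behaviours are worth checking in whatever does this for real: membership in a deeply nested group grants every role on the path to the root (so a broad parent group quietly carries its role to every leaf), and a cyclic or self-referencing group must terminate rather than hang the sync.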

How does hybrid identity work with on-premises Active Directory?

TigerAccess supports hybrid identity scenarios where on-premises Active Directory is synchronized to Azure AD using Azure AD Connect. Users authenticate through Azure AD (which syncs with on-prem AD), and TigerAccess receives the unified identity. This allows organizations to maintain their existing on-premises directory while gaining cloud SSO benefits. Group memberships and user attributes sync bidirectionally, ensuring consistent access control.
