Azure Active Directory

As a Kisi organization owner, you can set up Azure single sign-on (SSO) for your Kisi users. To further control your SSO integration, you can use SCIM to sync it with your Azure Active Directory members and groups.

Enable SSO on Azure Active Directory

Set up the integration in Azure Active Directory

  1. Sign in to your Azure Active Directory portal
  2. Navigate to Enterprise Applications and select All Applications
  3. Click on New application
  4. Start typing Kisi Physical Security in the search field
  5. Select Kisi Physical Security from the list and click on Create
  6. On the Kisi Physical Security application integration page navigate to the Manage section
  7. Click on Single sign-on
  8. When prompted to Select a single sign-on method, select SAML
  9. When prompted to Set up single sign-on with SAML, select Edit under the Basic SAML Configuration section
  10. If you want to configure the application in IDP initiated mode, enter values for the following fields:
      • In the Identifier field, type the following URL:
      • In the Reply URL field, type the following URL:<DOMAIN> (You can find your Kisi organization domain under Organization Setup > Settings)
  11. If you want to configure the application in SP initiated mode, click Set additional URLs and in the Sign-on URL field type the following URL:<DOMAIN>
  12. Kisi expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration under User Attributes & Claims. Here is the list of default attributes:

      User attributes        | Claims
      Unique User Identifier | user.userprincipalname

  13. Under SAML Signing Certificate, copy the App Federation Metadata URL and save it on your computer

Set up the integration in Kisi

  1. Sign in to Kisi
  2. Under Organization Setup, click on SSO & SCIM and paste the App Federation Metadata URL that you saved in the step above
  3. Click Save
  4. As a last step, click Generate Certificate

Enable SCIM on Azure Active Directory

Before you start, make sure you have SSO set up for your organization. Then just follow the next steps to generate a SCIM token and add the Kisi Physical Security app in Azure.

Generate your SCIM Token in Kisi

  1. Sign in to Kisi
  2. Under Organization Setup, click on SSO & SCIM
  3. Enable SCIM and click on Generate Token
  4. Copy the token (shown once)

Set up SCIM with Azure

  1. Sign in to your Azure Active Directory portal
  2. Click on Enterprise applications
  3. Under All Applications, select your Kisi Physical Security application
  4. Navigate to the Provision User Accounts card and click Get Started
  5. Change provisioning mode from Manual to Automatic
  6. Add as the Tenant URL and enter your SCIM token in the Secret Token field
  7. Click Test Connection and confirm that the test succeeds before clicking Save
  8. Under Settings you can define whether both groups and users should be synchronized. Add an email address that will receive an alert if the synchronization fails.
  9. Navigate back to Enterprise applications, choose Kisi Physical Security and click on Users and groups
  10. Add any groups and users you want to sync with Kisi
  11. Go back to Provisioning and click Start provisioning (greyed out means it's already running)

You can sync single users on demand under Provisioning > Provision on demand. Groups cannot be synced on demand.


Azure syncs on a fixed schedule of around 40 minutes, meaning that any updates in Azure might take up to 40 minutes before they are propagated to Kisi.