> For the complete documentation index, see [llms.txt](https://docs.keyfax.biz/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keyfax.biz/product-suite/admin/user_maintenance/keyfax-sso-via-microsoft-entra-id-support.md).

# Keyfax SSO – via Microsoft Entra ID Support

Microsoft Entra ID is a cloud-based service that manages identity and access to applications and services. With Keyfax 4.4.7.0 organizations can now leverage Microsoft Entra ID to centrally manage access and permissions throughout Keyfax.

Currently Microsoft Entra ID can be used to centrally manage access and permissions for Keyfax script authors who require access to Keyfax Administrator Tools. This gives organisations central control over access to the administrative interface of Keyfax and provides script authors a seamless single sign-on experience. For example, with Microsoft Entra ID support enabled, script authors no longer need to enter a username and password to access Keyfax Administrator Tools as shown below\...

<figure><img src="/files/SZc6VSFxxOLqxvZS7dvs" alt=""><figcaption><p>Keyfax SSO allows Administration Tool access without requiring a username or password</p></figcaption></figure>

There are several possible configuration options for Keyfax SSO with Microsoft Entra ID:

1. **Authentication Only:** Authentication (i.e. ability to sign into the 'Keyfax Administration Tool' or 'Keyfax Web Staff') using Microsoft Entra ID user 'memberships' of roles or applications; whilst user permissions remain under the control of the User Maintenance page in the 'Keyfax Administration Tool'
2. **Authentication And Permissions:** Authentication and 'Keyfax Administration Tool' user permissions managed wholly by Microsoft Entra ID user 'memberships' of roles within the Microsoft Entra ID portal
3. **Application to Keyfax solution elements:** Either of the above for the 'Keyfax Administration Tool' only or 'Keyfax Web Staff' solution only or both.

What are the benefits of using Keyfax SSO via Microsoft Entra ID support:

1. **Improved Security:** By reducing password fatigue, users are less likely to reuse weak passwords. IT can enforce strong authentication methods like multi-factor authentication (MFA) alongside SSO, minimizing security risks.
2. **Better Compliance and Auditing:** SSO solutions offer centralized logging and monitoring, which improves visibility into access activities, supports regulatory compliance, and simplifies auditing.
3. **Simplified User Management:** IT teams can centrally manage authentication, making onboarding and offboarding more efficient. With SSO, revoking a user’s access across multiple platforms is easier and ensures compliance with security policies.

{% hint style="info" %}
Use of Keyfax SSO for the 'Keyfax Web Staff' solution with a host system that is not yet using Microsoft Entra ID single sign on is not advised as the usernames for both the host system and Microsoft Entra ID must match for successful data transfer between Keyfax and the host. &#x20;

However, as the usernames are the primary email address of the windows user in Microsoft Entra ID, if the host usernames can also be ensured to be the email address of the Staff, user data transition should be possible.
{% endhint %}

In addition, for call centre advisors and / or service staff Microsoft Entra ID can also be enabled to secure access and permissions for publicly facing installations of Keyfax Repair Diagnostics and / or Keyfax Enquiries Diagnostics. This is useful if you have a staff installation of Keyfax that needs to be accessed over the public internet but needs to be secure and only accessible to call centre advisors and / or service staff.

An example of editing a Microsoft Entra ID account via Keyfax Administrator Tools is shown below\...

<figure><img src="/files/83W2e6JeLEi8TTqk109e" alt=""><figcaption><p>Keyfax 4.4.7 Entra ID account</p></figcaption></figure>

To control permissions and access to Keyfax for users and groups, application roles can be created within the Entra ID admin centre and mapped to the permissions seen above.  In this configuration example, modification of permissions by the 'Keyfax Administration Tool' is disabled making permissions changes the jurisdiction of the IT department with control of Microsoft Entra ID.

Equally, an alternative configuration allows for the Keyfax permissions to be managed by the Keyfax Administrator (through the above page in the 'Keyfax Administration Tool') - in which case only the usernames and passwords are managed by Microsoft Entra ID.

Contact Omfax Support for more information.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.keyfax.biz/product-suite/admin/user_maintenance/keyfax-sso-via-microsoft-entra-id-support.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.