Follow these instructions to set up Azure AD single sign on for your organization on Lexio.


Upon successful complete of these instructions, reach out to your Narrative Science customer success resource for final verification of set-up.


You will need to provide Narrative Science with the following:

- Sign In URL

- X.509 Certificate


  1. Create the Lexio application within the Azure AD
    1. Log in to the Azure AD Admin dashboard and select Enterprise Applications from the list of Manage options in the left-hand navigation panel.
    2. Select + New Application
    3. Select Create your own application, and then enter a descriptive app name (e.g. "Lexio"). Under What are you looking to do with your application?, select Integrate any other application you don't find in the gallery (Non-gallery), then select Create.
  2. Configure SAML in the Azure AD application
    1. Select Single Sign On from the Manage options in the left-hand navigation panel. Select SAML.
    2. Click the Editicon in the top-right corner of Step 1. Input the following values:
      1. Identifier (Entity ID): urn:auth0:lexio-prod:$CONNECTION_NAME
        1. Replace $CONNECTION_NAME with the name of the Auth0 SAML connection.
      2. Reply URL (Assertion Consumer Service URL): https://auth.lexio.narrativescience.com/login/callback?connection=$CONNECTION_NAME
        1. Replace $CONNECTION_NAME with the name of the Auth0 SAML connection.
    3. Configure User Attributes and Claims
      1. The default attributes and claims are enough to successfully authenticate users — the IT Admin can choose to add more if they desire.
    4. Obtain Identity Provider Details
      1. Download the Certificate (Base64) (i.e. X.509 Certificate) from the SAML Signing Certificate section (Step. 3).
      2. Copy the Login URL (i.e. Sign In URL) from the Set up SAML App section (Step. 4).
  3. Assign Users & Groups to the application
    1. Select Users and groups from the Manage section of the navigation menu.
    2. Select Add user/group from the top menu.
    3. Select None selected under the Users and Groups. In the sliding menu, select the users and groups of users that you want to add to the SAML application, and click Select
    4. Select Assign to add the selected users and groups of users to your SAML application.
  4. Add Application ID URI
    1. Search for and select App Registrations in the top navigation bar.
    2. Select the recently created Lexio app.
    3. Click Add an Application ID URI within the Essentials section of the Overview screen.
    4. Add urn:auth0:lexio-prod:$CONNECTION_NAMEas the Application ID URI.
      1. Replace $CONNECTION_NAME with the name of the Auth0 SAML connection.
    5. Select Save