<aside>

Last updated: 01/13/2026

</aside>

Overview

Aviary supports a "Smart Sync" approach to identity management. While users can be managed manually within the Aviary UI, this guide details how to control roles, permissions, and group membership centrally from Microsoft Entra ID using SAML Attributes.

Loom Video: This is our video on a previous version of SAML auth in Entra that should help IT get setup. We will be releasing a more sophisticated video in the coming days. https://www.loom.com/share/10dfe1e2b50b4e17a528e0031b35bc11

The roles information in this video is out of date so you may need to refer to this guide below instead once the enterprise app is created.

How Synchronization Works

  1. Source of Truth: When a user logs in via SSO, Aviary inspects specific SAML attributes (Claims).
  2. Partial Updates: The synchronization is non-destructive.

Part 1: The Bootstrap Workflow

Because Aviary uses specific "SAML Identifiers" for Knowledge Base groups, you cannot simply guess the Group IDs. You must follow this one-time bootstrap workflow to retrieve the correct identifiers.

Step 1: Establish a Global Admin

The first user needs Global Admin access to set up the environment. In Entra ID, assign the following attribute to your primary IT Admin user:

Step 2: Configure Resources in Aviary

Knowledge Base:

  1. Log in to Aviary with the Global Admin account and make yourself a product_admin on KB. (You can use SAML attributes for this)
  2. Navigate to the Knowledge Base product.
  3. Create the necessary Groups (e.g., "HR Team", "Engineering").
  4. Configure Topics and assign them to these Groups with appropriate permissions (View Only, Contributor, Manager).

Voice Agent: