Azure Active Directory SSO Integration

You’ll connect Microsoft Azure Active Directory to Tallyfy for seamless single sign-on in about 30 minutes. Your users get automatic authentication and account provisioning - no more password juggling.

Requirements

  • Azure subscription with Azure Active Directory access
  • Administrator privileges in Azure AD
  • Tallyfy Professional or Enterprise plan
  • SAML configuration values from Tallyfy Support

Implementation process overview

Here’s what you’ll do:

  1. Create an Azure AD enterprise application
  2. Configure SAML settings in both systems
  3. Enable and test the SSO connection

Phase 1: Create Azure AD enterprise application

Step 1: Access enterprise applications

  1. Sign in to the Azure Portal with administrator credentials

  2. Navigate to Azure Active Directory service

  3. Select Enterprise Applications from the Manage section

  4. Click +New application

  5. Choose Create your own application

    Create new application

Step 2: Define application properties

  1. Enter “Tallyfy” as the application name

  2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

  3. Click Create

    Define application properties

Step 3: Assign users (Optional)

Want to assign users right away? Go ahead. You can also do this after completing the setup:

User assignment screen

Phase 2: Configure SAML settings

Step 1: Access SAML configuration

  1. In the application’s sidebar under Manage, select Single sign-on

  2. Choose SAML as the sign-on method

    Select SAML authentication

Step 2: Configure basic SAML settings

  1. Click Edit in the Basic SAML Configuration section.

    Edit basic SAML configuration

  2. Time to grab Tallyfy’s SAML values. Head to your organization’s profile in Tallyfy.

  3. Navigate to the Org Settings tab.

  4. Click Add Configuration Details.

  5. Scroll down to find the default SAML values.

    Tallyfy SAML values

    Tallyfy default SAML values

  6. Copy the Tallyfy SP ACS URL into Azure AD’s Reply URL (Assertion Consumer Service URL) field.

  7. Copy the Tallyfy SP Entity ID into Azure AD’s Identifier (Entity ID) field.

  8. Click Save.

    Enter SAML values in Azure

Step 3: Configure user attributes

This step matters - get it wrong and users won’t sync properly. Let’s set up each attribute:

  1. Configure the Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

    Configure Name ID

  2. Select Persistent for Name identifier format.

  3. Choose user.mail for Source attribute.

  4. Click Save.

  5. Configure the First Name Attribute: Click the attribute row (typically user.givenname).

    Configure First Name attribute

  6. Change Name to: FirstName (capitalization matters here).

  7. Clear any value in the Namespace field.

  8. Set Source attribute to: user.givenname.

  9. Click Save.

  10. Configure the Email attribute the same way: Set Name to Email, ensure Namespace is empty, and set Source attribute to user.mail. Click Save.

  11. Configure the Last Name attribute similarly: Set Name to LastName, ensure Namespace is empty, and set Source attribute to user.surname. Click Save.

Your final attribute configuration should match this:

Final attribute configuration

Phase 3: Complete integration with Tallyfy

Step 1: Obtain Azure AD SAML information

Back in Azure AD, you’ll need three things:

  1. Navigate to the Set up section.

  2. Copy the Login URL.

  3. Copy the Azure AD Identifier.

  4. Download the Certificate (Base64) from the SAML Signing Certificate section.

    Azure AD SAML information

Step 2: Configure Tallyfy with Azure AD information

  1. Send the collected Azure AD SAML information to Tallyfy Support

  2. Tallyfy Support will configure your organization’s SAML settings with this information

    Tallyfy SAML configuration

Step 3: Enable SAML authentication

Once Tallyfy Support confirms your SAML settings are ready:

  1. Flip the SAML activation toggle to enable SSO for your organization

    Enable SAML in Tallyfy

User provisioning and access

You’re almost done:

  1. Get your organization’s Tallyfy login URL from the SAML setup modal (Tallyfy Support provides this)

  2. Share this URL with users who have Azure AD access

    Tallyfy login URL

What happens when users visit this URL?

  • Existing Tallyfy users get authenticated instantly
  • New users are automatically provisioned on their first login

Troubleshooting

Users can’t log in? Here’s your troubleshooting checklist:

  1. Verify the user is assigned to the Azure AD application.
  2. Double-check attribute mappings - names and capitalization must be exact.
  3. Confirm the SAML certificate hasn’t expired.
  4. Ensure users are using the SSO URL (not the regular login page).
  5. Still stuck? Contact Tallyfy Support.
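
For the attribute mappings set in Phase 2, Step 3 and rechecked in troubleshooting item 2, here is an added example (not Tallyfy's or Microsoft's code): a Python lint that reads a decoded SAML assertion and reports a non-persistent Name ID, a leftover namespace, or wrong capitalization in FirstName, LastName and Email. It assumes you have captured and base64-decoded the SAMLResponse from a test login; the function names and the sample assertion are constructed for illustration, and the script checks mappings only, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("FirstName", "LastName", "Email")  # names from this guide, case-sensitive


def lint_assertion(xml_text):
    """Return a list of mapping problems found in a decoded SAML assertion.

    Diagnostic only: it does not verify the signature or conditions.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty (source should be user.mail)")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent: %s" % name_id.get("Format"))
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    for want in REQUIRED:
        if want in attrs:
            value = attrs[want].find("saml:AttributeValue", NS)
            if value is None or not (value.text or "").strip():
                problems.append("%s is present but empty" % want)
            continue
        # Same claim sent under the wrong case, or with a namespace prefix left in.
        near = [n for n in attrs if n and n.rsplit("/", 1)[-1].lower() == want.lower()]
        hint = " (found %r instead)" % near[0] if near else ""
        problems.append("%s attribute missing%s" % (want, hint))
    return problems


def sample(first_name="FirstName", fmt=PERSISTENT):
    """Constructed assertion fragment for the demo, not captured from Azure AD."""
    attr = '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
    body = attr % (first_name, "Ada") + attr % ("LastName", "Lovelace") + attr % ("Email", "ada@example.com")
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject><saml:NameID Format="%s">'
            'ada@example.com</saml:NameID></saml:Subject><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>') % (NS["saml"], fmt, body)


if __name__ == "__main__":
    claims = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
    print(lint_assertion(sample()))                                  # correct mapping
    print(lint_assertion(sample(first_name=claims + "FirstName")))   # Namespace not cleared
```
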
