Skip to content

Integrate Microsoft Entra ID SSO

Microsoft Entra ID SSO Integration

You’ll connect Microsoft Entra ID (formerly Azure Active Directory) to Tallyfy for seamless single sign-on in about 30 minutes. Your users get automatic authentication and account provisioning - no more password juggling.

Requirements

  • Microsoft Entra ID access
  • Administrator privileges in Microsoft Entra ID
  • Tallyfy Professional or Enterprise plan
  • SAML configuration values from Tallyfy Support

Implementation process overview

Here’s what you’ll do:

  1. Create a Microsoft Entra ID enterprise application
  2. Configure SAML settings in both systems
  3. Enable and test the SSO connection

SSO configuration flow

This diagram shows how Microsoft Entra ID, Tallyfy Support, and your admin work together to set up single sign-on.

Diagram

What to notice:

  • Steps 1-10 show the one-time setup collaboration between your Azure Admin and Tallyfy Support
  • Steps 11-15 demonstrate the user authentication flow that happens every time someone logs in
  • The coordination requirement (step 1) is essential - you can’t skip the support ticket

Phase 1: Create Microsoft Entra ID enterprise application

Step 1: Access enterprise applications

  1. Sign in to the Azure Portal with administrator credentials

  2. Navigate to Microsoft Entra ID service (may still show as Azure Active Directory in some interfaces)

  3. Select Enterprise Applications from the Manage section

  4. Click +New application

  5. Choose Create your own application

    Azure SSO integration setup view view view

Step 2: Define application properties

  1. Enter “Tallyfy” as the application name

  2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

  3. Click Create

    Azure SSO integration setup view view view

Step 3: Assign users (Optional)

Want to assign users right away? Go ahead. You can also do this after completing the setup:

Azure SSO integration setup view view view

Phase 2: Configure SAML settings

Step 1: Access SAML configuration

  1. In the application’s sidebar under Manage, select Single sign-on

  2. Choose SAML as the sign-on method

    Azure SSO integration setup view view view

Step 2: Configure basic SAML settings

  1. Click Edit in the Basic SAML Configuration section.

    Azure SSO integration setup view view view

  2. Time to grab Tallyfy’s SAML values. Head to your organization’s profile in Tallyfy.

  3. Navigate to the Org Settings tab.

  4. Click Add Configuration Details.

  5. Scroll down to find the default SAML values.

    Azure SSO integration setup view view view Azure SSO integration setup view view view

  6. Copy the Tallyfy SP ACS URL into Microsoft Entra ID’s Reply URL (Assertion Consumer Service URL) field.

  7. Copy the Tallyfy SP Entity ID into Microsoft Entra ID’s Identifier (Entity ID) field.

  8. Click Save.

    Azure SSO integration setup view view view

Step 3: Configure user attributes

This step matters - get it wrong and users won’t sync properly. Let’s set up each attribute:

  1. Configure the Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

    Azure SSO integration setup view view view

  2. Select Persistent for Name identifier format.

  3. Choose user.mail for Source attribute.

  4. Click Save.

  5. Configure the First Name Attribute: Click the attribute row (typically user.givenname).

    Azure SSO integration setup view view view

  6. Change Name to: FirstName (capitalization matters here).

  7. Clear any value in the Namespace field.

  8. Set Source attribute to: user.givenname.

  9. Click Save.

  10. Configure the Email attribute the same way: Set Name to Email, ensure Namespace is empty, and set Source attribute to user.mail. Click Save.

  11. Configure the Last Name attribute similarly: Set Name to LastName, ensure Namespace is empty, and set Source attribute to user.surname. Click Save.

Your final attribute configuration should match this:

Azure SSO integration setup view view view

Phase 3: Complete integration with Tallyfy

Step 1: Obtain Microsoft Entra ID SAML information

Back in Microsoft Entra ID, you’ll need three things:

  1. Navigate to the Set up section.

  2. Copy the Login URL.

  3. Copy the Microsoft Entra ID Identifier.

  4. Download the Certificate (Base64) from the SAML Signing Certificate section.

    Azure SSO integration setup view view view

Step 2: Configure Tallyfy with Microsoft Entra ID information

  1. Send the collected Microsoft Entra ID SAML information to Tallyfy Support

  2. Tallyfy Support will configure your organization’s SAML settings with this information

    Azure SSO integration setup view view view

Step 3: Enable SAML authentication

Once Tallyfy Support confirms your SAML settings are ready:

  1. Flip the SAML activation toggle to enable SSO for your organization

    Azure SSO integration setup view view view

User provisioning and access

You’re almost done:

  1. Get your organization’s Tallyfy login URL from the SAML setup modal (Tallyfy Support provides this)

  2. Share this URL with users who have Azure AD access

    Azure SSO integration setup view view view

What happens when users visit this URL?

  • Existing Tallyfy users get authenticated instantly
  • New users are automatically provisioned on their first login

Troubleshooting

Users can’t log in? Here’s your troubleshooting checklist:

  1. Verify the user is assigned to the Microsoft Entra ID application.
  2. Double-check attribute mappings - names and capitalization must be exact.
  3. Confirm the SAML certificate hasn’t expired.
  4. Ensure users are using the SSO URL (not the regular login page).
  5. Still stuck? Contact Tallyfy Support.

Integrations > Authentication and SSO

Tallyfy offers free Single Sign-On integration for paid plans connecting to corporate identity systems like Microsoft Entra ID Google Workspace Okta and OneLogin with SSO-only enforcement options that can replace traditional e-signatures for internal approvals while providing enhanced security user experience and centralized access control through automated account provisioning and unified authentication policies.

Authentication > Integrate Okta SSO

Okta SAML/SSO integration with Tallyfy enables secure single sign-on authentication and automatic user provisioning through a collaborative 30-minute setup process that involves creating a SAML application in Okta configuring attribute mappings and working with Tallyfy Support to exchange configuration details.

Authentication > Integrate OneLogin SSO

OneLogin SAML/SSO integration with Tallyfy enables automatic user authentication and account creation through a collaborative 30-minute setup process involving creating a SAML application connector configuring settings in both systems and exchanging metadata with Tallyfy Support for seamless single sign-on with automatic user provisioning.

Authentication > Integrate JumpCloud SSO

JumpCloud SAML/SSO integration connects JumpCloud with Tallyfy for automatic user authentication and account creation through a 30-minute collaborative setup process involving creating a custom SAML application configuring service provider settings and exchanging metadata with Tallyfy Support to enable seamless single sign-on authentication.
Get in touch
About Tallyfy