Integrate Microsoft Entra ID SSO

Connect Microsoft Entra ID (formerly Azure Active Directory) to Tallyfy in about 30 minutes. Your users get automatic authentication and account creation - no password juggling.

• Microsoft Entra ID access
• Administrator privileges in Microsoft Entra ID
• Tallyfy Professional or Enterprise plan
• SAML configuration values from Tallyfy Support

1. Create a Microsoft Entra ID enterprise application
2. Configure SAML settings in both systems
3. Test the SSO connection

Microsoft Entra ID, Tallyfy Support, and you work together to set up single sign-on.

What to notice:

• Steps 1-10 show the one-time setup between you and Tallyfy Support
• Steps 11-15 show what happens every time someone logs in
• You can’t skip the support ticket (step 1)

1. Sign in to the Azure Portal ↗ with administrator credentials

2. Navigate to Microsoft Entra ID service (may still show as Azure Active Directory in some interfaces)

3. Select Enterprise Applications from the Manage section

4. Click +New application

5. Choose Create your own application

   

1. Enter “Tallyfy” as the application name

2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

3. Click Create

   

Assign users now or after setup - your choice:

1. In the application’s sidebar under Manage, select Single sign-on

2. Choose SAML as the sign-on method

   

1. Click Edit in the Basic SAML Configuration section.

   

2. Get Tallyfy’s SAML values from your organization profile in Tallyfy.

3. Go to Org Settings tab.

4. Click Add Configuration Details.

5. Scroll down to find the default SAML values.

   

6. Copy Tallyfy’s SP ACS URL to Microsoft Entra ID’s Reply URL (Assertion Consumer Service URL) field.

7. Copy Tallyfy’s SP Entity ID to Microsoft Entra ID’s Identifier (Entity ID) field.

8. Click Save.

   

Get this right or users won’t sync. Here’s each attribute:

1. Configure Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

   

2. Select Persistent for Name identifier format.

3. Choose user.mail for Source attribute.

4. Click Save.

5. Configure First Name Attribute: Click the attribute row (typically user.givenname).

   

6. Set Name to: FirstName (capitalization matters).

7. Clear the Namespace field.

8. Set Source attribute to: user.givenname.

9. Click Save.

10. Configure Email attribute: Set Name to Email, clear Namespace, set Source attribute to user.mail. Click Save.

11. Configure Last Name attribute: Set Name to LastName, clear Namespace, set Source attribute to user.surname. Click Save.

Your final attribute configuration should match this:

You need three things from Microsoft Entra ID:

1. Go to the Set up section.

2. Copy the Login URL.

3. Copy the Microsoft Entra ID Identifier.

4. Download the Certificate (Base64) from the SAML Signing Certificate section.

   

1. Send the Microsoft Entra ID SAML information to Tallyfy Support

2. Tallyfy Support configures your SAML settings

   

After Tallyfy Support confirms everything’s ready:

1. Turn on the SAML activation toggle

   

Almost done:

1. Get your organization’s Tallyfy login URL from the SAML setup modal (Tallyfy Support provides this)

2. Share this URL with users who have Microsoft Entra ID access

   

What happens when users visit this URL?

• Existing Tallyfy users get authenticated instantly
• New users are created automatically on first login

Users can’t log in? Check these:

1. User is assigned to the Microsoft Entra ID application
2. Attribute mappings are exact (names and capitalization)
3. SAML certificate hasn’t expired
4. Users are using the SSO URL (not regular login)
5. Still stuck? Contact Tallyfy Support