Integrate Azure AD

Azure Active Directory SSO Integration

This guide explains the process of configuring SAML-based Single Sign-On (SSO) between Microsoft Azure Active Directory and Tallyfy. This integration enables automated user authentication and provisioning.

Coordination Required

SSO setup requires exchanging configuration information between your organization and Tallyfy. This process cannot be completed independently. Please submit a support ticket to initiate the integration process.

Requirements

• Azure subscription with Azure Active Directory access
• Administrator privileges in Azure AD
• Tallyfy Professional or Enterprise plan
• SAML configuration values from Tallyfy Support

Implementation process overview

The integration involves three main phases:

1. Creating and configuring an Azure AD enterprise application
2. Configuring SAML settings in both systems
3. Enabling and testing the SSO integration

Phase 1: Create Azure AD enterprise application

Step 1: Access enterprise applications

1. Sign in to the Azure Portal ↗ with administrator credentials

2. Navigate to Azure Active Directory service

3. Select Enterprise Applications under the Manage section

4. Click +New application

5. Select Create your own application

   

Step 2: Define application properties

1. Enter “Tallyfy” as the application name

2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

3. Click Create

   

Step 3: Assign users (Optional)

You can assign users to the application now or after completing the configuration:

Phase 2: Configure SAML settings

Step 1: Access SAML configuration

1. In the application’s sidebar under Manage, select Single sign-on

2. Choose SAML as the sign-on method

   

Step 2: Configure basic SAML settings

1. Click Edit in the Basic SAML Configuration section.

   

2. Obtain Tallyfy’s SAML values: Navigate to your organization’s profile in Tallyfy.

3. Go to the Org Settings tab.

4. Click Add Configuration Details.

5. Scroll down to view the default SAML values.

   

6. Enter the Tallyfy SP ACS URL into Azure AD’s Reply URL (Assertion Consumer Service URL) field.

7. Enter the Tallyfy SP Entity ID into Azure AD’s Identifier (Entity ID) field.

8. Click Save.

   

Step 3: Configure user attributes

This step is critical for proper user identification and provisioning. Configure each attribute as follows:

1. Configure the Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

   

2. Select Persistent for Name identifier format.

3. Select user.mail for Source attribute.

4. Click Save.

5. Configure the First Name Attribute: Click the attribute row (e.g., user.givenname).

   

6. Change Name to: FirstName (exact capitalization required).

7. Remove any value in the Namespace field.

8. Set Source attribute to: user.givenname.

9. Click Save.

10. Configure the Email attribute using the same process: Set Name to Email, ensure Namespace is empty, and set Source attribute appropriately (e.g., user.mail). Click Save.

11. Configure the Last Name attribute using the same process: Set Name to LastName, ensure Namespace is empty, and set Source attribute appropriately (e.g., user.surname). Click Save.

The final attribute configuration should look like this:

Phase 3: Complete integration with Tallyfy

Step 1: Obtain Azure AD SAML information

From the Azure AD application configuration:

1. Go to the Set up section.

2. Collect the Login URL.

3. Collect the Azure AD Identifier.

4. Download the Certificate (Base64) from the SAML Signing Certificate section.

   

Step 2: Configure Tallyfy with Azure AD information

1. Provide the collected Azure AD SAML information to Tallyfy Support

2. Tallyfy Support will enter this information in your organization’s SAML configuration

   

Step 3: Enable SAML authentication

After Tallyfy Support configures your SAML settings:

1. Toggle the SAML activation switch to enable SSO for your organization

   

User provisioning and access

Once the integration is complete:

1. Obtain the Tallyfy login URL from the SAML configuration modal (provided by Tallyfy Support)

2. Share this URL with your users who have access to the Azure AD application

   

Users can now access Tallyfy through this URL:

• Existing Tallyfy users will be automatically authenticated
• New users will be provisioned in Tallyfy upon their first login

Troubleshooting

If users encounter authentication issues:

1. Verify the user has been assigned to the Azure AD application.
2. Check that attribute mappings are correctly configured (exact names and capitalization).
3. Confirm the SAML certificate hasn’t expired.
4. Ensure users are accessing Tallyfy through the SSO URL.
5. Contact Tallyfy Support for assistance with persistent issues.

Related articles

Authentication > Integrate Okta

A comprehensive walkthrough for implementing SAML-based Single Sign-On between Okta and Tallyfy through application configuration user attribute mapping and SSO activation for automated user authentication and provisioning.

Authentication > Integrate OneLogin

A comprehensive walkthrough for setting up SAML Single Sign-On between OneLogin and Tallyfy by creating an application connector configuring SAML settings enabling user provisioning and testing the authentication flow.

Authentication > Integrate Google Suite

The comprehensive guide outlines the process of implementing SAML-based Single Sign-On between Google Workspace and Tallyfy through application setup attribute mapping and user access configuration for automated authentication.

Integrations > Authentication and SSO

Free Single Sign-On integration enables team members to access Tallyfy using their existing company credentials while providing enhanced security automated account setup and centralized user management through popular identity providers.