Integrate Azure AD

Azure Active Directory SSO Integration

This guide explains the process of configuring SAML-based Single Sign-On (SSO) between Microsoft Azure Active Directory and Tallyfy. This integration enables seamless authentication and automated user provisioning.

Coordination Required

SSO setup requires exchanging configuration information between your organization and Tallyfy. This process cannot be completed independently. Please submit a support ticket to initiate the integration process.

Requirements

• Azure subscription with Azure Active Directory access
• Administrator privileges in Azure AD
• Tallyfy Professional or Enterprise plan
• SAML configuration values from Tallyfy Support

Implementation Process Overview

The integration involves three main phases:

1. Creating and configuring an Azure AD enterprise application
2. Configuring SAML settings in both systems
3. Enabling and testing the SSO integration

Phase 1: Create Azure AD Enterprise Application

Step 1: Access Enterprise Applications

1. Sign in to the Azure Portal ↗ with administrator credentials
2. Navigate to Azure Active Directory service
3. Select Enterprise Applications under the Manage section
4. Click +New application
5. Select Create your own application

Step 2: Define Application Properties

1. Enter “Tallyfy” as the application name
2. Select Integrate any other application you don’t find in the gallery (Non-gallery)
3. Click Create

Step 3: Assign Users (Optional)

You can assign users to the application now or after completing the configuration:

Phase 2: Configure SAML Settings

Step 1: Access SAML Configuration

1. In the application’s sidebar under Manage, select Single sign-on
2. Choose SAML as the sign-on method

Step 2: Configure Basic SAML Settings

1. Click Edit in the Basic SAML Configuration section

2. You will need to obtain Tallyfy’s SAML values:
   • Navigate to your organization’s profile in Tallyfy
   • Go to Org Settings tab
   • Click Add Configuration Details
   • Scroll down to view the default SAML values

3. Enter the following values in Azure AD:
   • Reply URL (Assertion Consumer Service URL): Enter the value from Tallyfy’s “SP ACS URL” field
   • Identifier (Entity ID): Enter the value from Tallyfy’s “SP Entity ID” field
4. Click Save

Step 3: Configure User Attributes

This step is critical for proper user identification and provisioning. Configure each attribute as follows:

1. Name Identifier (User ID)
   • Click on the Unique User Identifier (Name ID) row
   • Select Persistent for Name identifier format
   • Select user.mail for Source attribute
   • Click Save

2. First Name Attribute
   • Click on the attribute row (e.g., user.givenname)
   • Change Name to: FirstName (exact capitalization required)
   • Remove any value in the Namespace field
   • Set Source attribute to: user.givenname
   • Click Save

3. Configure Email and Last Name
   • Repeat the same process for Email and LastName attributes
   • Ensure exact attribute names and empty namespace fields

The final attribute configuration should look like this:

Phase 3: Complete Integration with Tallyfy

Step 1: Obtain Azure AD SAML Information

From the Azure AD application configuration:

1. Go to the Set up section
2. Collect the following information:
   • Login URL
   • Azure AD Identifier
   • Download the Certificate (Base64) from the SAML Signing Certificate section

Step 2: Configure Tallyfy with Azure AD Information

1. Provide the collected Azure AD SAML information to Tallyfy Support
2. Tallyfy Support will enter this information in your organization’s SAML configuration

Step 3: Enable SAML Authentication

After Tallyfy Support configures your SAML settings:

1. Toggle the SAML activation switch to enable SSO for your organization

User Provisioning and Access

Once the integration is complete:

1. Obtain the Tallyfy login URL from the SAML configuration modal (provided by Tallyfy Support)
2. Share this URL with your users who have access to the Azure AD application

Users can now access Tallyfy through this URL:

• Existing Tallyfy users will be automatically authenticated
• New users will be provisioned in Tallyfy upon their first login

Troubleshooting

If users encounter authentication issues:

• Verify the user has been assigned to the Azure AD application
• Check that attribute mappings are correctly configured (exact names and capitalization)
• Confirm the SAML certificate hasn’t expired
• Ensure users are accessing Tallyfy through the SSO URL
• Contact Tallyfy Support for assistance with persistent issues

Related articles

Authentication > Integrate Okta

A detailed walkthrough for implementing SAML-based Single Sign-On between Okta and Tallyfy through creating an Okta SAML application configuring authentication settings and enabling user provisioning for seamless access.

Authentication > Integrate OneLogin

SAML-based Single Sign-On integration between OneLogin and Tallyfy enables automated user provisioning through a three-phase setup process involving application creation configuration exchange and SSO testing.

Authentication > Integrate Google Suite

A detailed walkthrough for implementing SAML-based Single Sign-On between Google Workspace and Tallyfy which enables automated user provisioning through configuration of custom SAML applications user attributes and authentication settings.

Integrations > Authentication and SSO

Single Sign-On integration with Tallyfy enables seamless authentication through major identity providers while offering enhanced security automated user provisioning and centralized access management across organizations.