Integrate Azure AD

Azure Active Directory SSO Integration

This guide covers the process of setting up SAML-based Single Sign-On (SSO) between Microsoft Azure Active Directory and Tallyfy. This integration allows automated user authentication and provisioning.

Coordination Required

SSO setup needs exchanging configuration information between your organization and Tallyfy. This process can’t be completed independently. Please submit a support ticket to start the integration process.

Requirements

• Azure subscription with Azure Active Directory access
• Administrator privileges in Azure AD
• Tallyfy Professional or Enterprise plan
• SAML configuration values from Tallyfy Support

Implementation process overview

The integration includes three main phases:

1. Creating and setting up an Azure AD enterprise application
2. Setting up SAML settings in both systems
3. Turning on and testing the SSO integration

Phase 1: Create Azure AD enterprise application

Step 1: Access enterprise applications

1. Sign in to the Azure Portal ↗ with administrator credentials

2. Go to Azure Active Directory service

3. Pick Enterprise Applications under the Manage section

4. Click +New application

5. Pick Create your own application

   

Step 2: Define application properties

1. Type “Tallyfy” as the application name

2. Pick Integrate any other application you don’t find in the gallery (Non-gallery)

3. Click Create

   

Step 3: Assign users (Optional)

You can assign users to the application now or after finishing the setup:

Phase 2: Configure SAML settings

Step 1: Access SAML configuration

1. In the application’s sidebar under Manage, pick Single sign-on

2. Pick SAML as the sign-on method

   

Step 2: Configure basic SAML settings

1. Click Edit in the Basic SAML Configuration section.

   

2. Get Tallyfy’s SAML values: Go to your organization’s profile in Tallyfy.

3. Go to the Org Settings tab.

4. Click Add Configuration Details.

5. Scroll down to see the default SAML values.

   

6. Put the Tallyfy SP ACS URL into Azure AD’s Reply URL (Assertion Consumer Service URL) field.

7. Put the Tallyfy SP Entity ID into Azure AD’s Identifier (Entity ID) field.

8. Click Save.

   

Step 3: Configure user attributes

This step is crucial for proper user identification and provisioning. Set up each attribute as follows:

1. Set up the Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

   

2. Pick Persistent for Name identifier format.

3. Pick user.mail for Source attribute.

4. Click Save.

5. Set up the First Name Attribute: Click the attribute row (e.g., user.givenname).

   

6. Change Name to: FirstName (exact capitalization needed).

7. Clear any value in the Namespace field.

8. Set Source attribute to: user.givenname.

9. Click Save.

10. Set up the Email attribute using the same process: Set Name to Email, make sure Namespace is empty, and set Source attribute properly (e.g., user.mail). Click Save.

11. Set up the Last Name attribute using the same process: Set Name to LastName, make sure Namespace is empty, and set Source attribute properly (e.g., user.surname). Click Save.

The final attribute setup should look like this:

Phase 3: Complete integration with Tallyfy

Step 1: Obtain Azure AD SAML information

From the Azure AD application setup:

1. Go to the Set up section.

2. Get the Login URL.

3. Get the Azure AD Identifier.

4. Download the Certificate (Base64) from the SAML Signing Certificate section.

   

Step 2: Configure Tallyfy with Azure AD information

1. Give the collected Azure AD SAML information to Tallyfy Support

2. Tallyfy Support will put this information in your organization’s SAML setup

   

Step 3: Enable SAML authentication

After Tallyfy Support sets up your SAML settings:

1. Switch the SAML activation toggle to turn on SSO for your organization

   

User provisioning and access

Once the integration finishes:

1. Get the Tallyfy login URL from the SAML setup modal (provided by Tallyfy Support)

2. Share this URL with your users who have access to the Azure AD application

   

Users can now access Tallyfy through this URL:

• Existing Tallyfy users will get automatically authenticated
• New users will get set up in Tallyfy when they first log in

Troubleshooting

If users run into authentication problems:

1. Check that the user has been assigned to the Azure AD application.
2. Make sure attribute mappings are set up correctly (exact names and capitalization).
3. Check that the SAML certificate hasn’t expired.
4. Make sure users are accessing Tallyfy through the SSO URL.
5. Contact Tallyfy Support for help with ongoing issues.

Advanced Azure AD Integration with AI Tools

Azure AD’s OAuth 2.1 and On-Behalf-Of token exchange capabilities make it well-suited for advanced integrations with AI systems. Learn about enterprise SSO patterns with MCP servers to extend your Azure AD identity governance to AI-powered workflow automation.

Related articles

Authentication > Integrate Okta

A comprehensive walkthrough for implementing SAML-based Single Sign-On between Okta and Tallyfy through application configuration user attribute mapping and SSO activation for automated user authentication and provisioning.

Authentication > Integrate OneLogin

A comprehensive walkthrough for setting up SAML Single Sign-On between OneLogin and Tallyfy by creating an application connector configuring SAML settings enabling user provisioning and testing the authentication flow.

Integrations > Authentication and SSO

Tallyfy offers free Single Sign-On integration for paid plan customers that connects with enterprise identity providers like Microsoft Azure AD Google Workspace Okta and OneLogin to enable centralized authentication automated account provisioning enhanced security through existing corporate credentials and optional SSO-only enforcement for maximum compliance control.

Authentication > Integrate Google Suite

The comprehensive guide outlines the process of implementing SAML-based Single Sign-On between Google Workspace and Tallyfy through application setup attribute mapping and user access configuration for automated authentication.