Integrate Azure AD SSO

Azure Active Directory SSO Integration

You’ll connect Microsoft Azure Active Directory to Tallyfy for seamless single sign-on in about 30 minutes. Your users get automatic authentication and account provisioning - no more password juggling.

Coordination Required

SSO setup requires exchanging configuration details between your organization and Tallyfy. You can’t complete this solo. Submit a support ticket to get started.

Requirements

• Azure subscription with Azure Active Directory access
• Administrator privileges in Azure AD
• Tallyfy Professional or Enterprise plan
• SAML configuration values from Tallyfy Support

Implementation process overview

Here’s what you’ll do:

1. Create an Azure AD enterprise application
2. Configure SAML settings in both systems
3. Enable and test the SSO connection

SSO configuration flow

This diagram shows how Azure AD, Tallyfy Support, and your admin work together to set up single sign-on.

What to notice:

• Steps 1-10 show the one-time setup collaboration between your Azure Admin and Tallyfy Support
• Steps 11-15 demonstrate the user authentication flow that happens every time someone logs in
• The coordination requirement (step 1) is essential - you can’t skip the support ticket

Phase 1: Create Azure AD enterprise application

Step 1: Access enterprise applications

1. Sign in to the Azure Portal ↗ with administrator credentials

2. Navigate to Azure Active Directory service

3. Select Enterprise Applications from the Manage section

4. Click +New application

5. Choose Create your own application

   

Step 2: Define application properties

1. Enter “Tallyfy” as the application name

2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

3. Click Create

   

Step 3: Assign users (Optional)

Want to assign users right away? Go ahead. You can also do this after completing the setup:

Phase 2: Configure SAML settings

Step 1: Access SAML configuration

1. In the application’s sidebar under Manage, select Single sign-on

2. Choose SAML as the sign-on method

   

Step 2: Configure basic SAML settings

1. Click Edit in the Basic SAML Configuration section.

   

2. Time to grab Tallyfy’s SAML values. Head to your organization’s profile in Tallyfy.

3. Navigate to the Org Settings tab.

4. Click Add Configuration Details.

5. Scroll down to find the default SAML values.

   

6. Copy the Tallyfy SP ACS URL into Azure AD’s Reply URL (Assertion Consumer Service URL) field.

7. Copy the Tallyfy SP Entity ID into Azure AD’s Identifier (Entity ID) field.

8. Click Save.

   

Step 3: Configure user attributes

This step matters - get it wrong and users won’t sync properly. Let’s set up each attribute:

1. Configure the Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

   

2. Select Persistent for Name identifier format.

3. Choose user.mail for Source attribute.

4. Click Save.

5. Configure the First Name Attribute: Click the attribute row (typically user.givenname).

   

6. Change Name to: FirstName (capitalization matters here).

7. Clear any value in the Namespace field.

8. Set Source attribute to: user.givenname.

9. Click Save.

10. Configure the Email attribute the same way: Set Name to Email, ensure Namespace is empty, and set Source attribute to user.mail. Click Save.

11. Configure the Last Name attribute similarly: Set Name to LastName, ensure Namespace is empty, and set Source attribute to user.surname. Click Save.

Your final attribute configuration should match this:

Phase 3: Complete integration with Tallyfy

Step 1: Obtain Azure AD SAML information

Back in Azure AD, you’ll need three things:

1. Navigate to the Set up section.

2. Copy the Login URL.

3. Copy the Azure AD Identifier.

4. Download the Certificate (Base64) from the SAML Signing Certificate section.

   

Step 2: Configure Tallyfy with Azure AD information

1. Send the collected Azure AD SAML information to Tallyfy Support

2. Tallyfy Support will configure your organization’s SAML settings with this information

   

Step 3: Enable SAML authentication

Once Tallyfy Support confirms your SAML settings are ready:

1. Flip the SAML activation toggle to enable SSO for your organization

   

User provisioning and access

You’re almost done:

1. Get your organization’s Tallyfy login URL from the SAML setup modal (Tallyfy Support provides this)

2. Share this URL with users who have Azure AD access

   

What happens when users visit this URL?

• Existing Tallyfy users get authenticated instantly
• New users are automatically provisioned on their first login

Troubleshooting

Users can’t log in? Here’s your troubleshooting checklist:

1. Verify the user is assigned to the Azure AD application.
2. Double-check attribute mappings - names and capitalization must be exact.
3. Confirm the SAML certificate hasn’t expired.
4. Ensure users are using the SSO URL (not the regular login page).
5. Still stuck? Contact Tallyfy Support.

Advanced Azure AD Integration with AI Tools

Azure AD’s OAuth 2.1 and On-Behalf-Of token exchange capabilities make it well-suited for advanced integrations with AI systems. Learn about enterprise SSO patterns with MCP servers to extend your Azure AD identity governance to AI-powered workflow automation.

Related articles

Authentication > Integrate Okta SSO

Okta SAML/SSO integration with Tallyfy establishes single sign-on authentication through a collaborative setup process involving creating an Okta SAML application configuring identity provider settings and working with Tallyfy Support to exchange configuration details for seamless user authentication and automatic account provisioning.

Authentication > Integrate OneLogin SSO

Setting up OneLogin SAML/SSO integration with Tallyfy requires creating a SAML connector configuring authentication settings and coordinating with Tallyfy Support to exchange configuration metadata for automatic user authentication and provisioning.

Integrations > Authentication and SSO

Tallyfy offers free Single Sign-On integration for paid plans that connects to enterprise identity providers like Azure AD Google Workspace Okta and OneLogin within 30 minutes while providing security benefits automatic account provisioning and the ability to replace traditional e-signature solutions with SSO-based approvals for internal company processes.

Authentication > Integrate Google Workspace

Google Workspace SAML/SSO integration with Tallyfy enables automatic user authentication through Google credentials via a three-phase setup process requiring coordination with Tallyfy Support to create a custom SAML application configure attribute mappings and enable seamless single sign-on with automatic user provisioning.