    Azure AD SAML/SSO integration

    In order to integrate Azure AD SAML/SSO with your Tallyfy organization, you will need to:

    • Set up and configure an Azure AD app with SAML support.
    • Use the Azure AD app’s settings to configure SAML on Tallyfy (this step is done by Tallyfy’s support team).
    • Enable SAML for your organization on Tallyfy, to start SSO authorization and user provisioning.

    Set up your custom Azure AD SAML application for Tallyfy

    Prepare the new Application

    • Sign in using an account with Administrator privileges.
    • Go to the Azure Active Directory service.
    • Select Enterprise Applications under the Manage navigation menu item.
    • Click +New application.
    • Click Create your own application.

    image

    • Add a name for your app, and select Integrate any other application you don’t find in the gallery (Non-gallery) option.

    image

    We are separately in the process of being listed by default in the gallery.

    • Click Create.
    • You can add/assign users to this application:

    image

    Configure SAML settings

    • On the sidebar, below Manage, click Single sign-on, then select SAML:

    image

    • Click Edit in the Basic SAML Configuration section.

    image

    • In the Basic SAML Configuration window, fill in the Reply URL (ACS URL) and Entity ID fields for your custom app. These values are all provided by Tallyfy:

    image

    We will need to get the default SAML values from our organization in Tallyfy:

    • Select your Organization’s profile from the Support page.
    • Scroll to the Org Settings tab:

    image

    • Click Add Configuration Details. Ignore the empty fields for now and scroll down to the existing default values.

    image

    Now, we will fill the SAML settings in Azure AD, using those values:

    • Reply URL (Assertion Consumer Service URL): copy the value from SP ACS URL (Single Sign On URL), number 1 in the screenshot above.
    • Identifier (Entity ID): copy the value from SP Entity ID (Audience URI), number 2 in the screenshot above.
    • Click Save.

    Add necessary attribute names for Tallyfy

    • In the User Attributes & Claims section, click Edit on each field to change the names of the attributes.

    This part is important: each attribute must be filled in exactly as described, leaving the indicated fields empty and matching upper and lower case.

    • First, update the user identifier. Click on the Unique User Identifier (Name ID) row:
    • Then select Persistent for Name identifier format and user.mail for Source attribute, then click Save:

    image

    Move to the next attribute/row. For example, click on user.givenname to edit it:

    • Change Name to FirstName.
    • Namespace should be empty, so remove its default value.
    • The Source attribute should be user.givenname.

    image

    • Do the same for the other attributes/rows Email and LastName. The resulting page after saving them should look like the screenshot below:

    image
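
One way to confirm the claim mapping above once sign-in works, added here as an example (not Tallyfy's or Microsoft's code): it inspects a decoded SAML assertion for the Persistent Name ID format, the audience, and the exact FirstName, LastName and Email attribute names. The sample assertion, the https://sp.example/entity Entity ID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = ("Email", "FirstName", "LastName")  # exact names from this page

def check_assertion(xml_text, sp_entity_id):
    """List claim-mapping problems in a decoded SAML response or assertion.
    Debugging aid for your own IdP output; it does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty (is user.mail populated?)")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID format is {name_id.get('Format')}, expected Persistent")
    audiences = {(a.text or "").strip() for a in root.findall(".//saml:Audience", NS)}
    if sp_entity_id not in audiences:
        problems.append(f"Audience {sorted(audiences)} does not match the SP Entity ID")
    seen = {}
    for attr in root.findall(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        seen[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if name in seen:
            if not seen[name]:
                problems.append(f"{name} is present but empty")
            continue
        # A leftover Namespace or different letter case yields another Name string.
        near = [n for n in seen if n.rsplit("/", 1)[-1].lower() == name.lower()]
        hint = f" (found {near[0]!r}: clear Namespace or fix case)" if near else ""
        problems.append(f"{name} attribute missing{hint}")
    return problems

def sample(fmt, names, audience="https://sp.example/entity"):
    """Build a constructed, unsigned assertion so the check can run offline."""
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>'
                    for n in names)
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Subject>'
            f'<NameID Format="{fmt}">alice@example.com</NameID></Subject><Conditions>'
            f'<AudienceRestriction><Audience>{audience}</Audience></AudienceRestriction>'
            f'</Conditions><AttributeStatement>{attrs}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    misconfigured = sample(EMAIL_FMT, [CLAIMS_NS + "FirstName", "lastname", "Email"])
    for problem in check_assertion(misconfigured, "https://sp.example/entity"):
        print("-", problem)
```

An empty result means the mapping matches this page; signature and certificate validation remain the service provider's job.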

    Configure SAML on Tallyfy

    Now that you have an application ready, we will get the SAML data needed to configure SAML on Tallyfy.

    • In the "4 - Set up [your app name]" section, get the setup information needed by Tallyfy:
    • Copy the Login URL and Azure AD Identifier, and download the Certificate (Base64) from the "3 - SAML Signing Certificate" section:

    image

    We will use the values in the above page as SAML configs to integrate this app to our Tallyfy organization.

    • Go back to the Tallyfy Support page, where the SAML configs modal is still open (this is done by Tallyfy staff), then fill in the corresponding values, as shown in the screenshot below:

    image

    • After successfully saving the configs, you will need to enable SAML in this organization.
    • Click on the toggle button next to Add Configuration Details:

    image

    Congratulations, now Single Sign-on and User Provisioning using Azure AD should be working successfully for your organization members!

    Provision new members to Tallyfy using SSO

    Go back to the Tallyfy Support page and open the SAML configs modal, then copy the Tallyfy login URL and share it with your users who have access to the Azure AD SAML app. Note: Tallyfy staff will provide this to you (the client).

    image

    Members or never-seen-before members can use this link to access Tallyfy. Existing users will just log in, while new users will be added to your Tallyfy organization.