Integrate Microsoft Entra ID SSO

Microsoft Entra ID SSO Integration

You’ll connect Microsoft Entra ID (formerly Azure Active Directory) to Tallyfy for seamless single sign-on in about 30 minutes. Your users get automatic authentication and account provisioning - no more password juggling.

Coordination Required

SSO setup requires exchanging configuration details between your organization and Tallyfy. You can’t complete this solo. Submit a support ticket to get started.

Requirements

• Microsoft Entra ID access
• Administrator privileges in Microsoft Entra ID
• Tallyfy Professional or Enterprise plan
• SAML configuration values from Tallyfy Support

Implementation process overview

Here’s what you’ll do:

1. Create a Microsoft Entra ID enterprise application
2. Configure SAML settings in both systems
3. Enable and test the SSO connection

SSO configuration flow

This diagram shows how Microsoft Entra ID, Tallyfy Support, and your admin work together to set up single sign-on.

What to notice:

• Steps 1-10 show the one-time setup collaboration between your Azure Admin and Tallyfy Support
• Steps 11-15 demonstrate the user authentication flow that happens every time someone logs in
• The coordination requirement (step 1) is essential - you can’t skip the support ticket

Phase 1: Create Microsoft Entra ID enterprise application

Step 1: Access enterprise applications

1. Sign in to the Azure Portal ↗ with administrator credentials

2. Navigate to Microsoft Entra ID service (may still show as Azure Active Directory in some interfaces)

3. Select Enterprise Applications from the Manage section

4. Click +New application

5. Choose Create your own application

   

Step 2: Define application properties

1. Enter “Tallyfy” as the application name

2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

3. Click Create

   

Step 3: Assign users (Optional)

Want to assign users right away? Go ahead. You can also do this after completing the setup:

Phase 2: Configure SAML settings

Step 1: Access SAML configuration

1. In the application’s sidebar under Manage, select Single sign-on

2. Choose SAML as the sign-on method

   

Step 2: Configure basic SAML settings

1. Click Edit in the Basic SAML Configuration section.

   

2. Time to grab Tallyfy’s SAML values. Head to your organization’s profile in Tallyfy.

3. Navigate to the Org Settings tab.

4. Click Add Configuration Details.

5. Scroll down to find the default SAML values.

   

6. Copy the Tallyfy SP ACS URL into Microsoft Entra ID’s Reply URL (Assertion Consumer Service URL) field.

7. Copy the Tallyfy SP Entity ID into Microsoft Entra ID’s Identifier (Entity ID) field.

8. Click Save.

   

Step 3: Configure user attributes

This step matters - get it wrong and users won’t sync properly. Let’s set up each attribute:

1. Configure the Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

   

2. Select Persistent for Name identifier format.

3. Choose user.mail for Source attribute.

4. Click Save.

5. Configure the First Name Attribute: Click the attribute row (typically user.givenname).

   

6. Change Name to: FirstName (capitalization matters here).

7. Clear any value in the Namespace field.

8. Set Source attribute to: user.givenname.

9. Click Save.

10. Configure the Email attribute the same way: Set Name to Email, ensure Namespace is empty, and set Source attribute to user.mail. Click Save.

11. Configure the Last Name attribute similarly: Set Name to LastName, ensure Namespace is empty, and set Source attribute to user.surname. Click Save.

Your final attribute configuration should match this:

Phase 3: Complete integration with Tallyfy

Step 1: Obtain Microsoft Entra ID SAML information

Back in Microsoft Entra ID, you’ll need three things:

1. Navigate to the Set up section.

2. Copy the Login URL.

3. Copy the Microsoft Entra ID Identifier.

4. Download the Certificate (Base64) from the SAML Signing Certificate section.

   

Step 2: Configure Tallyfy with Microsoft Entra ID information

1. Send the collected Microsoft Entra ID SAML information to Tallyfy Support

2. Tallyfy Support will configure your organization’s SAML settings with this information

   

Step 3: Enable SAML authentication

Once Tallyfy Support confirms your SAML settings are ready:

1. Flip the SAML activation toggle to enable SSO for your organization

   

User provisioning and access

You’re almost done:

1. Get your organization’s Tallyfy login URL from the SAML setup modal (Tallyfy Support provides this)

2. Share this URL with users who have Azure AD access

   

What happens when users visit this URL?

• Existing Tallyfy users get authenticated instantly
• New users are automatically provisioned on their first login

Troubleshooting

Users can’t log in? Here’s your troubleshooting checklist:

1. Verify the user is assigned to the Microsoft Entra ID application.
2. Double-check attribute mappings - names and capitalization must be exact.
3. Confirm the SAML certificate hasn’t expired.
4. Ensure users are using the SSO URL (not the regular login page).
5. Still stuck? Contact Tallyfy Support.

Advanced Microsoft Entra ID Integration

Microsoft Entra ID’s OAuth 2.0 and On-Behalf-Of token exchange capabilities make it well-suited for advanced integrations with AI systems. As of 2024, Microsoft has unified its identity products under the Entra brand, improving multicloud support and eliminating confusion with Windows Server Active Directory. Learn about enterprise SSO patterns with MCP servers to extend your Microsoft Entra ID identity governance to AI-powered workflow automation.

Related articles

Integrations > Authentication and SSO

Tallyfy offers free SSO integration with enterprise identity providers like Microsoft Entra ID Google Workspace Okta and OneLogin allowing teams to use corporate credentials for secure authentication while also enabling SSO-based approvals as a cost-effective alternative to traditional e-signature solutions for internal company processes.

Authentication > Integrate OneLogin SSO

OneLogin SAML/SSO integration with Tallyfy enables automatic user authentication through OneLogin credentials via a collaborative setup process that involves creating a SAML application connector configuring authentication settings and working with Tallyfy Support to exchange configuration details for seamless single sign-on with automatic user provisioning.

Authentication > Integrate Okta SSO

Okta SAML/SSO integration with Tallyfy enables automatic user authentication and account creation through a three-phase setup process involving creating an Okta SAML application configuring settings in both systems and coordinating with Tallyfy Support to exchange configuration metadata for seamless single sign-on within 30 minutes.

Authentication > Integrate Google Workspace

Google Workspace integrates with Tallyfy through SAML-based single sign-on by creating a custom SAML application in Google Admin console configuring identity provider details and attribute mapping then working with Tallyfy Support to complete the setup for automatic user authentication and provisioning.