Integrate Microsoft Entra ID SSO

Connect Microsoft Entra ID (formerly Azure Active Directory) to Tallyfy in about 30 minutes. Your users get automatic login and account creation - no separate passwords needed.

• Microsoft Entra ID administrator access
• Tallyfy Professional or Enterprise plan
• SAML config values from Tallyfy Support

1. Create a Microsoft Entra ID enterprise application
2. Configure SAML settings in both systems
3. Test the connection

You, Tallyfy Support, and Microsoft Entra ID work together through a three-party setup.

Key points:

• Steps 1-10 are one-time setup between you and Tallyfy Support
• Steps 11-15 happen every time someone logs in
• You can’t skip the support ticket (step 1)

1. Sign in to the Azure Portal ↗ with administrator credentials

2. Go to the Microsoft Entra ID service (may still show as Azure Active Directory in some interfaces)

3. Select Enterprise Applications from the Manage section

4. Click +New application

5. Choose Create your own application

   

1. Enter “Tallyfy” as the application name

2. Select Integrate any other application you don’t find in the gallery (Non-gallery)

3. Click Create

   

Assign users now or after setup - your choice:

1. In the application’s sidebar under Manage, select Single sign-on

2. Choose SAML as the sign-on method

   

1. Click Edit in the Basic SAML Configuration section.

   

2. In Tallyfy, go to your organization profile.

3. Open the Org Settings tab.

4. Click Add Configuration Details.

5. Scroll down to find the default SAML values.

   

6. Copy Tallyfy’s SP ACS URL to Microsoft Entra ID’s Reply URL (Assertion Consumer Service URL) field.

7. Copy Tallyfy’s SP Entity ID to Microsoft Entra ID’s Identifier (Entity ID) field.

8. Click Save.

   

These must be exact - wrong names or capitalization will break user sync.

1. Configure Name Identifier (User ID): Click the Unique User Identifier (Name ID) row.

   

2. Select Persistent for Name identifier format.

3. Choose user.mail for Source attribute.

4. Click Save.

5. Configure First Name Attribute: Click the attribute row (typically user.givenname).

   

6. Set Name to: FirstName (capitalization matters).

7. Clear the Namespace field.

8. Set Source attribute to: user.givenname.

9. Click Save.

10. Configure Email attribute: Set Name to Email, clear Namespace, set Source attribute to user.mail. Click Save.

11. Configure Last Name attribute: Set Name to LastName, clear Namespace, set Source attribute to user.surname. Click Save.

Your final attribute config should look like this:

You need three things from Microsoft Entra ID:

1. Go to the Set up section.

2. Copy the Login URL.

3. Copy the Microsoft Entra ID Identifier.

4. Download the Certificate (Base64) from the SAML Signing Certificate section.

   

1. Send these three items to Tallyfy Support

2. Tallyfy Support configures your SAML settings on their end

   

After Tallyfy Support confirms everything’s ready:

1. Turn on the SAML activation toggle

   

1. Get your organization’s SSO login URL from the SAML setup modal (Tallyfy Support provides this)

2. Share this URL with your Microsoft Entra ID users

   

When users visit this URL:

• Existing Tallyfy users log in automatically
• New users get an account created on first login

Users can’t log in? Check these:

1. User is assigned to the Microsoft Entra ID application
2. Attribute mappings are exact (names and capitalization)
3. SAML certificate hasn’t expired
4. Users are using the SSO URL (not regular login)
5. Still stuck? Contact Tallyfy Support