Step-by-step guide to configuring a Generic SAML 2.0 Identity Provider within Visma
This guide describes how to configure a generic SAML 2.0 Identity Provider (IdP) in the Authentication Settings application. This allows your users to log in using your organization’s existing SSO solution (such as Microsoft Entra ID, Okta, or Google Workspace).
Prerequisites
Administrator access to the Authentication Settings application.
Administrator access to your external Identity Provider (IdP).
Step 1: Select SAML 2.0
Sign in to Authentication Settings and go to the Single Sign-On page.

Enter your mydomain (e.g. example).
Click Add SAML2 Identity Provider and choose the option SSO
Step 2: Configure your external Identity Provider
Before you can finish the setup in Visma, you must first register the Visma application within your external IdP.
In the Authentication Settings application, look at the section labeled 1. Configure SSO with the Visma metadata.
You can provide the configuration data to your IdP in any of the following ways:
Metadata URL: Copy the URL provided in the Metadata URL field and paste it into your IdP's configuration.
Manual Entry: If your IdP does not support URL import, copy the Entity ID, SAML Assertion Consumer (ACS URL), and SAML Logout URLs individually.
File Upload: Alternatively, click Download to get the metadata XML file and upload it to your IdP.

Configure Claims
Your Identity Provider must send specific user attributes (claims) in the SAML response for the login to be successful.
In your external IdP, map the following attributes:
NameID: Must be a valid email address.
givenname: Map to the user's first name.
surname: Map to the user's last name.
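A pre-flight check for the three claims listed above, as an added example (not Visma's code): it inspects an assertion captured during a test login and reports which required claims are missing or malformed. The sample assertion is constructed, and matching attribute names on the last path segment of Name is an assumption, since this guide gives only the short names.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # shape check only
REQUIRED = ("givenname", "surname")

# Constructed sample: an unsigned assertion fragment with two deliberate faults.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml):
    """Return a list of problems; an empty list means all three claims are usable."""
    # This checks claim content only, not the signature. Use a hardened parser
    # (e.g. defusedxml) for XML you did not create yourself.
    root = ET.fromstring(assertion_xml)
    problems = []

    name_id = (root.findtext(".//saml:NameID", default="", namespaces=NS) or "").strip()
    if not EMAIL_RE.match(name_id):
        problems.append(f"NameID is not an email address: {name_id!r}")

    # Assumption: attributes are matched on the last path segment of Name,
    # case-insensitively, so both short names and claim URIs are accepted.
    found = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        key = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found[key] = [v for v in values if v]

    for claim in REQUIRED:
        if claim not in found:
            problems.append(f"{claim} attribute is missing")
        elif not found[claim]:
            problems.append(f"{claim} attribute is empty")
    return problems


if __name__ == "__main__":
    for problem in check_claims(SAMPLE):
        print("FAIL:", problem)
```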

Step 3: Import IdP Metadata into Visma
Once you have configured your external IdP, it will generate a metadata URL or a metadata XML file. You need to provide this to Visma to complete the trust relationship.
Scroll down to 2. Paste SSO metadata URL into Visma.
Paste metadata URL: If your IdP provides a public metadata URL, paste it into this field.
Upload metadata file: Alternatively, if you have an XML metadata file from your IdP, click Select file to preview data and upload it.

Step 4: Advanced Configuration
Configure the behavior of the login process and user provisioning in the 3. Advanced configuration section.
Relay State URL: (Optional) Enter a URL if a specific redirect is required after authentication.
Show this IdP as sign in option on the sign in page: Toggle ON to make a button for this provider visible on the login screen.
Sign in button text: Enter the text you want displayed on the button (e.g., "Log in with Corporate SSO").
Just-in-Time (JIT) User Provisioning:
ON: Users authenticating via this IdP who do not exist in the Visma system will be automatically created. Note that these users will have no application access rights by default.
OFF: You must manually create users in the Admin panel before they can log in via SSO.
Update profile each time a user signs in: If enabled, the user's First Name and Last Name in Visma will be updated to match the values sent by the IdP every time they log in.
Single Sign-Out:
ON: When a user logs out of Visma, Visma will attempt to call your IdP's single logout endpoint.
OFF: Choose this if you want to keep your own SSO session active even after the user signs out of the Visma application.

Step 5: Save
Once all configurations are set, click the Save button at the bottom of the page to apply the changes.