Microsoft Entra ID
  • 28 Nov 2024
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Microsoft Entra ID

  • Dark
    Light
  • PDF

Article summary

Step by step guide to configure Microsoft Entra ID (formerly known as Azure AD) as a SAML Identity Provider within Visma

Follow the steps below to configure Entra as a SAML Identity Provider within Visma. Keep Authentication Settings open in your browser while you access Entra in a new window or tab. You will need to return to the Single Sign-On page to complete the configuration steps.

Prerequisites

  • Microsoft account with Entra Premium activated

  • Global Admin or Co-admin account in Entra

  • All of your users under your account in Visma will need a pre-existing account in Azure Active Directory with exactly the same email address.

Configure Visma Single Sign-On app in Entra

  1. On the "Single Sign-On" page go to 1. Upload the Visma file into Azure AD section. Click on Download to download the Visma SAML metadata file. This is the Visma Single Sign-On metadata information you will need to provide to your Entra in order to configure Visma as a service provider.

    AuthSettings_SSO_EntraID_Add_Step1

  2. Log into your Microsoft Entra administrative portal.

  3. Click on the hamburger menu icon in the upper left-hand side of the page. Click  All services.

  4. Use the  Filter field to search for and select  Azure Active Directory.

    AuthSettings_SSO_EntraID_Add_Step4

  5. From the Azure Active Directory, click Enterprise applications.

  6. Click + New application at the top of the screen.

  7. On the Browse Entra Gallery page, type Visma in the Name field.

  8. Select the Visma app and click Create at the very bottom of the page.

    AuthSettings_SSO_EntraID_Add_Step8

  9. On the application Overview page, below Getting Started, click Assign users and groups.

    AuthSettings_SSO_EntraID_Add_Step9

  10. Click + Add users and select the users and groups that should have access to log in with Entra to Visma. Once the users and groups are selected, click Assign at the bottom of the page.

  11. On the left navigation click Single sign-on. Select SAML on the "Select a single sign-on method" page.

    AuthSettings_SSO_EntraID_Add_Step11

  12. On the  Basic SAML Configuration heading select  Upload metadata file. Upload the XML file that you have downloaded from Authentication Settings Entra setup page, at step 1.

    AuthSettings_SSO_EntraID_Add_Step12

  13. After you have successfully uploaded the XML file, all the fields within  Basic SAML Configuration section will be populated. Click  Save and close the "Basic SAML Configuration" editor.

    AuthSettings_SSO_EntraID_Add_Step13

  14. Go to the  User Attributes & Claims heading and select the  Edit icon. Ensure that the values are exactly as below.
    When a user authenticates to the application, Entra issues the application a SAML token with information (claims) about the user that uniquely identifies them. By default, this information includes the user's username, email address, first name and last name.

    AuthSettings_SSO_EntraID_Add_Step14

  15. Once all five claims have been added, click the  icon at the top right-hand side to close the view.

Configure Visma Single Sign-On to use Entra

  1. In the  SAML Signing Certificate section, ensure that the certificate status is  Active (it is valid for 3 years after it was added), if not, add a new certificate clicking on the edit (pencil) button. Enter a notification email for the certificate expiry reminders and click Save.

  2. Click the  App Federation Metadata Url copy button.
    Your Metadata XML link address should look like: https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxxxxxxxxxxxxxxxxxxxxxx

    AuthSettings_SSO_EntraID_ConfigureVisma_Step2

  3. Paste this Metadata XML link address into the Single Sign-On page within Authentication Settings. It contains all your Entra endpoints and public certificate that Visma needs in order to complete the setup.

    AuthSettings_SSO_EntraID_ConfigureVisma_Step3

  4. Click  Save.

  5. After you've successfully saved your Entra integration, you will see your setup details on the Single Sign-On page, below MyDomain.

    AuthSettings_SSO_EntraID_ConfigureVisma_Step5

  6. Depending on your provider, the certificate can expire. In that case, we show an error message on the Entra setup.

    AuthSettings_SSO_EntraID_ConfigureVisma_Step6

  7. Go to  Entra and create or upload a new and valid certificate.

    AuthSettings_SSO_EntraID_ConfigureVisma_Step7

  8. Come back to Authentication Settings and click the  Edit icon or the  Entra link. Then click  Refresh certificate button and then click  Save.

    AuthSettings_SSO_EntraID_ConfigureVisma_Step8

Testing Single Sign-On after Visma has made its configuration

To make sure SSO is working, perform these steps:

  1. Log out and close the Azure management portal and the Entra access panel.

  2. In a new browser session, navigate directly to the access panel at https://myapps.microsoft.com.

  3. Enter your Entra credentials to log in. After authentication, you will be able to interact with the applications integrated with active directory.

  4. Click on the Visma application you have have created to be redirected and logged into Visma.

    AuthSettings_SSO_EntraID_Test_Step4

  5. Another way to test SSO access is to go to your Visma MyDomain, e.g. https://example.my.connect.visma.com directly, and then click the Entra button.

    AuthSettings_SSO_EntraID_Test_Step5

  6. Once you have verified that both ways are working, you may want to tell Visma to disable the Visma credentials so your users can only sign in with their Entra credentials.

Enable multifactor authentication in Entra ID

Some Visma applications might require your Entra ID users to authenticate with multifactor authentication (two-step authentication). Check Entra ID documentation for how to:


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.