Microsoft Entra ID OIDC
  • 13 Aug 2024

Step-by-step guide to configuring Microsoft Entra ID (formerly known as Azure AD) as an OIDC Identity Provider within Visma.

Follow the steps below to configure Entra ID as an OIDC Identity Provider within Visma. Keep Authentication Settings open in your browser while you access Entra ID in a new window or tab. You will need to return to the Single Sign-On page to complete the configuration steps.

Prerequisites

  • Microsoft account with Entra activated

  • Global Admin or Co-admin account in Entra

  • All of the users under your account in Visma need a pre-existing account in Microsoft Entra ID (formerly known as Azure AD) with exactly the same email address.

A. Configure Visma Single Sign-On app with Entra ID

  1. Sign in to Authentication Settings and go to the Single Sign-On page.

  2. Enter your mydomain (e.g. example).

  3. Under "Add OIDC Identity Provider", choose Azure AD.

  4. From the Configure URIs in Azure AD section, copy the generated Redirect URI


B. Configure the OIDC application in Entra ID

Open a new tab/window in your browser and follow these steps:

  1. Log into your Microsoft Entra ID administrative portal.

  2. Click on the hamburger menu icon in the upper left-hand side of the page. Click All services.

  3. Use the Filter field to search for and select Microsoft Entra ID.

  4. From Microsoft Entra ID, click App registrations.

  5. Click + New registration at the top of the screen.

  6. Name your application and choose the supported account types that can access it.

  7. For the Redirect URI, choose Web, paste the value copied from step A.4, and click Register.

  8. Keep the Overview - Essentials tab open and switch to the Authentication Settings tab, where you need to paste some values.

C. Go back to Authentication Settings to continue the Single Sign-On setup with Entra ID

  1. In section 2, Configure OpenID Connect Client, enter the following values copied from your new app registration:


  2. For Authority, use the following format: https://login.microsoftonline.com/your_tenantid_value/v2.0 where your_tenantid_value is the value copied from

    AuthSettings_SSO_OIDC_EntraID_C2
  3. For Client ID, paste the value copied from Application (client) ID.

  4. In Entra ID, from the new app registration Overview, go to the right and click Add a certificate or secret.

  5. Click + New secret

  6. Name your secret and choose an expiration. Note: when the secret expires in Microsoft Entra ID, you have to generate a new secret and update the value in Authentication Settings section 2.

  7. Click Save, copy the generated secret value from Microsoft Entra ID, and paste it into Client secret in Authentication Settings section 2. Note: you can view the secret in Entra only now, while it is newly generated.


  8. To sign the user out of Visma when they sign out of Entra ID, you need to add the Front-channel logout URL in Entra ID in the following section:

    AuthSettings_SSO_OIDC_EntraID_C7
  9. Now go to section 3, Advanced Configuration, where you can decide whether to just-in-time provision users when they sign in to Visma with Entra ID.


  10. Click Save
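
A pre-flight check for the values pasted into section 2 in part C, as an added example that is not part of the original Visma article or its tooling: it validates the Authority format from step C.2, flags a client secret close to the expiration chosen in step C.6, and derives the standard OIDC discovery URL for that Authority. The function names, the 30-day warning window and the sample GUIDs are assumptions made for illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def check_oidc_settings(authority, client_id, secret_expires, today, warn_days=30):
    """Return a list of findings for the section 2 values; an empty list means OK."""
    findings = []
    url = urlsplit(authority)
    parts = url.path.strip("/").split("/")
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        findings.append("authority must be https://login.microsoftonline.com/...")
    if len(parts) != 2 or parts[1] != "v2.0":
        findings.append("authority path must be /<tenant id>/v2.0")
    elif not GUID.fullmatch(parts[0]):
        findings.append("tenant segment is not a GUID: %r" % parts[0])
    elif parts[0].lower() == client_id.lower():
        findings.append("tenant ID equals client ID; wrong value pasted")
    if not GUID.fullmatch(client_id):
        findings.append("client ID is not a GUID")
    left = (secret_expires - today).days
    if left < 0:
        findings.append("client secret expired")
    elif left <= warn_days:
        findings.append("client secret expires in %d days" % left)
    return findings

def discovery_url(authority):
    """Standard OIDC discovery document location for the given Authority."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"

def issuer_matches(authority, discovery_doc):
    """True if the discovery document's issuer equals the Authority (trailing slash ignored)."""
    return discovery_doc.get("issuer", "").rstrip("/") == authority.rstrip("/")

if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    authority = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0"
    client = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(check_oidc_settings(authority, client, date(2024, 8, 23), date(2024, 8, 13)))
    print(discovery_url(authority))
```

Fetching the printed discovery URL in a browser and comparing its issuer field with the Authority (what issuer_matches does on the parsed JSON) confirms the tenant ID was pasted correctly before testing sign-in.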

D. Test the Single Sign-On with Entra ID

To make sure SSO is working, go directly to your Visma MyDomain, e.g. https://example.my.connect.visma.com, and then click the Sign in with Azure AD button.


Once you have verified that SSO is working, you can go to Policies and disable Visma credentials, so that your users are redirected straight away to your Entra ID.

