Articles in this section

Azure (Entra) setup

Follow these steps to set up Azure as an SSO provider for the Tipalti app.

  1. Log in to your Azure account.

    2. Use the same email you use to log into Tipalti

  2. Under Azure services, click Microsoft Entra ID.

    3. Azure active directory

    The company details display.

Before you begin, have a secured text password-sharing application (for example, 1Password) ready to paste your app registration details in to share with Tipalti.

  1. Click App registrations in the left menu. Then, click + New registration in the top tab menu.

    2. App regisrations page

    The Register an application page displays.

  2. Complete the form:

    1. In the Name field, enter the name of the application.
    2. In the Supported account types field, select Accounts in this organizational directory only (tipalti.com only - Single tenant).

    3. Scroll down to the Redirect URI section.

    4. From the Select a platform dropdown, select Web.
    5.  Copy and paste the following URLs for the Tipalti app.
      1. For Sandbox:
        • https://console2.sandbox.tipalti.com/api/v0/account/authorizesso
        • https://sso.sandbox.tipalti.com/api/authorization/v1/authorizesso
      2. For Production:
        • https://hub.tipalti.com/api/v0/account/authorizesso
        • https://sso.tipalti.com/api/authorization/v1/authorizesso
    6. Click Register.

      7. Register an application page

  3. Click Authentications in the left menu:

    1. In the Web section, click Add URl.

    2. Copy and paste a second URl (for the selected environment).

      1. For Sandbox:
        • https://console2.sandbox.tipalti.com/api/v0/account/authorizesso
        • https://sso.sandbox.tipalti.com/api/authorization/v1/authorizesso
      2. For Production:
        • https://hub.tipalti.com/api/v0/account/authorizesso
        • https://sso.tipalti.com/api/authorization/v1/authorizesso
    3. Click Add URI.

      4. Authentication page

    4. Click Save.

  4. Click Certificates & secrets in the left menu.

    5. App details page

  5. In Client secrets, click + New client secret.

    6. The Add a client secret right panel displays. 

  6. Complete the fields:

    1. In the Description field, enter a description for this client secret.

    2. Select the expiration period from the Expires dropdown based on your company policy. We recommend 365 days (12 months).

    3. Click Add.

      4. Add a client secret side pane

      The new client secret displays.

    4. Immediately, in the Value column, click the copy icon.

      5. Once you leave the page, the value is no longer visible..

    5. Paste and save the value to a secured text password-sharing application of your choice.

To complete the setup process, you need to provide Tipalti with the application registration details you generated in Azure using your secured text password-sharing application.

To get your Application (client ID) and OpenID Connect metadata document endpoint:

  1. In Azure, click App registrations.
  2. In either the All applications or Owned applications tab, go to your application listing.

  3. In the Application (client) ID field, copy the ID and paste it into your secured text password-sharing application.

    4. Application (client) ID value

  4. Click Endpoints in the top menu..
  5. In the Endpoint right-pane, click the copy icon in the OpenID Connect metadata document field.
  6. Paste it into the secured text password-sharing application.

    7. Enpoints right pane

  7. Send the document to Tipalti through the secured text password-sharing application. Check the document contains the app:

  8. Destroy the document as soon as you receive this confirmation.