Plans 💳 : Unlimited+
User Permissions 👥: Admins
For legacy plans, please refer to the article here.
As a team manager, you need to clear roadblocks so your crew can focus on getting their work done. Whether it’s finding the right applications or simply making it easier to access them, fine-tuning efficiency is key to success.
For teams that use Microsoft Azure AD, you can now connect it directly to Timely to add existing and new Azure AD users automatically in Timely.
Timely currently supports two SSO (single sign-on) configuration options: SAML SSO and OAuth 2.0 SSO. OAuth 2.0 SSO is available for Azure AD and Microsoft accounts and is described here in detail.
Import and sync Azure AD users to Timely
Before you begin, you must be a Microsoft Azure AD admin in order to authenticate this integration.
Please note, by default this configuration is designed to import and sync all active users from the Azure AD instance to Timely. So all Azure AD users will receive invitations to the Timely workspace and will be assigned a paid seat as soon as they activate their accounts.
First, head to Settings > Integrations within your Timely account then click “Microsoft Azure AD”:
From there, you’ll enter your tenant ID, which can be found by going to the “Properties” section of your Azure Active Directory:
Submit that ID then select the account you want to connect:
In the permissions section of the authorization page, click the checkbox that says “Consent on behalf of your organization” then click “Accept”:
After accepting the permissions request, Azure AD users will be synced to Timely.
Setting up SAML SSO by adding the SP (Service Provider) configuration
You’re almost there! Before your imported users can access Timely, you’ll need to complete the Service Provider configuration.
The following steps can also be done independently from the previous steps to set up Azure AD SAML SSO without syncing the Azure AD users.
SP configuration steps
1. In the Azure portal, head to the “Azure AD SAML Toolkit” application integration page. Locate the “Manage” section and select Single sign-on, then SAML.
2. On the “Set up single sign-on with SAML” page, click the edit/pen icon for Basic SAML Configuration to edit the settings.
3. On the Basic SAML Configuration page, enter the values for the following fields:
a. In the Identifier (Entity ID) text box, enter this URL: https://auth.memory.ai/
b. In the Reply URL text box, enter this URL: https://auth.memory.ai/users/saml/auth
4. On the “Set up single sign-on with SAML” page, in the “SAML Signing Certificate” section, find Certificate (Base64) and select Download. You can download the Thumbprint too, but the Certificate is recommended.
5. In the “Set up Azure AD SAML Toolkit” section, copy these URL(s) to send to us (as the Service Provider).
6. As the Identity Provider, you also need to share the attributes which define unique Email, UUID and Name for your users with us (the Service Provider). You can find them under the “User Attributes & Claims” section.
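A pre-flight check for the values configured in steps 3 and 6, as an added example (not Timely's or Microsoft's code): it reads a base64-decoded SAML response from a test sign-in and reports any mismatch with the Entity ID, Reply URL and required claims. The claim names mapped to Email, UUID and Name are assumptions, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

# SP values from the Basic SAML Configuration step on this page.
ENTITY_ID = "https://auth.memory.ai/"
REPLY_URL = "https://auth.memory.ai/users/saml/auth"
# Assumed claim mapping; use the names your "User Attributes & Claims" shows.
REQUIRED_CLAIMS = {
    "Email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "UUID": "http://schemas.microsoft.com/identity/claims/objectidentifier",
    "Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
}
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(xml_text):
    """List configuration problems in a decoded SAML response (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append("Destination does not match the Reply URL")
    recipients = [e.get("Recipient")
                  for e in root.findall(".//a:SubjectConfirmationData", NS)]
    if REPLY_URL not in recipients:
        problems.append("Recipient does not match the Reply URL")
    # Exact string match: a missing trailing slash counts as a mismatch.
    if ENTITY_ID not in [e.text for e in root.findall(".//a:Audience", NS)]:
        problems.append("Audience does not match the Entity ID")
    values = {a.get("Name"): (a.findtext("a:AttributeValue", "", NS) or "").strip()
              for a in root.findall(".//a:Attribute", NS)}
    for label, claim in REQUIRED_CLAIMS.items():
        if not values.get(claim):
            problems.append(f"{label} claim missing or empty")
    return problems

# Constructed sample response (not captured from a real tenant).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{dest}">
 <Assertion><Subject><SubjectConfirmation>
  <SubjectConfirmationData Recipient="{dest}"/></SubjectConfirmation></Subject>
 <Conditions><AudienceRestriction><Audience>{aud}</Audience>
 </AudienceRestriction></Conditions>
 <AttributeStatement>{attrs}</AttributeStatement></Assertion></samlp:Response>"""

def build_sample(aud, claims):
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>{v}</AttributeValue>'
                    "</Attribute>" for n, v in claims.items())
    return SAMPLE.format(dest=REPLY_URL, aud=aud, attrs=attrs)

if __name__ == "__main__":
    print(check_response(build_sample("https://auth.memory.ai", {})))
```

An empty list means the response carries the values the Service Provider side expects; any entry points to a field to correct in the Azure portal before emailing the details.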
Completing the SAML SSO process
This completes the set-up from your (Identity Provider) side. In order for us to complete the Service Provider side, kindly email us (email@example.com) with the following:
Certificate (Base64) (step 4)
URLs from step 5
User attributes from step 6
Email domains which include all current and future users (@mycompany.com, @myorganization.org, etc.)
Optional: List of Azure AD departments to limit the users who are synced/invited
We’ll make sure our developers complete the process so your imported users can access Timely as soon as possible.
Can I configure a SAML SSO setup for Azure AD without importing users automatically?
Yes, admins should begin this process by going through the steps above starting with the Setting up SAML SSO by adding the SP (Service Provider) configuration step. No action should be taken in the "Integrations" section within Timely for this setup.
Workspace admins should then email firstname.lastname@example.org to finalize the setup. Our team will take care of things from there!
Do I need to do anything after setting up the Azure AD integration so my team can use Timely?
When using the standard SAML SSO configuration, members of your team who are new to Timely will be added as Employee-level users without ties to any projects. You’ll want to edit them individually, making sure they have access to the right projects, rates, or privileges as per your team set-up in Timely.
Do these employees need to set anything up on their end to sign in via Microsoft?
Nope! You’ve done all the hard work as the admin; they’ll be able to use SSO as soon as the setup process is finished on your side and on ours.
What about users that I’ve added to Azure AD after I set up the integration?
As long as the Azure AD integration is connected, the import will continue to take place on the backend after you’ve set it up — it will catch and connect any new users automatically for you.
Can I choose specific users or groups to import from Azure AD?
By default, the Azure AD integration will sync over all valid users in the Azure AD instance you connect.
If you would like to limit the sync of users to specific departments within Azure AD, please contact us at email@example.com before you connect the integration in Timely and our team can assist you through that process.