Connecting Timely with Microsoft Entra ID (Azure AD)

Plans: Unlimited+ · Permissions: Admins

Integrations Single Sign-On (SSO) Handbook Invite Microsoft Entra ID users to Timely and enable single sign-on for faster access.

For teams that use Microsoft Entra ID (formerly Azure AD), you can connect it directly to Timely to add existing and new users automatically.

Timely supports two configuration options: SAML SSO (single sign-on) and OAuth 2.0 SSO. OAuth 2.0 SSO is available for Microsoft Entra ID and Microsoft accounts.

Import and sync Azure AD users to Timely

1. Head to Settings > Integrations within Timely, then click “Microsoft Azure AD”

2. Enter your tenant ID (found in the “Properties” section of your Azure Active Directory)

3. Submit that ID then select the account you want to connect

4. Check the “Consent on behalf of your organization” checkbox, then click “Accept”

After accepting, Azure AD users will be synced to Timely.

Setting up SAML SSO

These steps can also be done independently to set up SAML SSO without syncing users.

Create an enterprise application

1. In the Azure portal, head to Microsoft Entra ID > Enterprise applications, then click New application

2. Click Create your own application

3. Give the application a name (e.g. “Timely SSO”), select Integrate any other application you don’t find in the gallery (Non-gallery), then click Create

Configure SAML

4. In the new application, under Manage, select Single sign-on

5. Select SAML as the single sign-on method

6. Click the edit icon for Basic SAML Configuration

7. Enter these values, then save:
   • Identifier (Entity ID): https://auth.timely.com/
   • Reply URL (Assertion Consumer Service URL): https://auth.timely.com/users/saml/auth

Collect the values Timely needs

Once the SAML configuration is saved, collect the following from the Single sign-on page of your application:

Value	What it is	Where to find it
Entity ID	Unique identifier for the IdP	Azure AD Identifier (labelled Microsoft Entra Identifier in newer portals) in the “Set up” section
SSO Target URL	IdP endpoint where SAML authentication requests are sent	Login URL in the “Set up” section
SLO Target URL	IdP endpoint for Single Logout requests	Logout URL in the “Set up” section
IdP Certificate	X.509 certificate used to verify SAML response signatures	SAML Signing Certificate section — download Certificate (Base64)

Completing the SAML SSO process

Email [email protected] with:

1. The Entity ID, SSO Target URL, and SLO Target URL from the table above
2. The Certificate (Base64) — paste or attach the full PEM-encoded certificate, including the BEGIN/END lines
3. Email domains for all current and future users
4. Optional: List of departments to limit synced users

FAQs

Can I configure SAML SSO without importing users automatically?

Yes — skip the “Integrations” section in Timely and begin with the SAML SSO SP configuration steps above. Then email [email protected] to finalize.

Do I need to do anything after setting up the integration?

New team members will be added as Employee-level users without project access. You’ll want to edit them individually to set the right projects, rates, and privileges.

Do employees need to set anything up?

Nope! They’ll be able to use SSO as soon as the setup process is finished.

What about users added to Azure AD later?

The import continues automatically — new users will be caught and connected for you.

Can I choose specific users or groups to import?

By default, all valid users sync. To limit by department, contact [email protected] before connecting the integration.