Every employee simply wants to be able to log in and work with TOPdesk without having to remember passwords or manage duplicate accounts. With Single Sign-On (SSO) and user provisioning, you ensure that:

• One login for everything: employees use their Microsoft account (Entra ID) to log in to TOPdesk.

• Automatic account management: new employees immediately receive a TOPdesk account, and those leaving are automatically deactivated.

Joinly adds an extra layer to this: an integration that connects Entra ID and TOPdesk and automates complete user and rights management.

Set up SSO for TOPdesk

1. Create an enterprise app in Microsoft Entra ID

• In the Azure portal, go to Enterprise Applications and choose + New application.

• Search the gallery for TOPdesk and add the app.

• Give it a clear name, for example, TOPdesk Joinly SSO.

2. Activate SAML sign-on

• Select SAML under Single sign-on.

• Enter the login endpoint of your TOPdesk environment in the Reply URL, such as
  https://<yourdomain>/tas/public/login/verify.

• Add the correct Identifier/Entity ID (from TOPdesk).

3. Claims and certificate

• Check that the correct claim (e.g., UPN or email) is being sent.

• Copy the App Federation Metadata URL—you will use this later in TOPdesk.

4. Configure TOPdesk

• Log in to the TOPdesk admin portal.

• Go to Settings → Login Settings → SAML and add a new configuration.

• Paste the metadata URL from Entra ID, choose the correct claim, and save.

• Activate SSO and test with a test user.

After these steps, employees can log in directly to TOPdesk with their Microsoft account. For more detailed instructions, also see https://docs.topdesk.com/nl/single-sign-on-instellen-met-microsoft-entra-id.html.

Note: want to control who can log in to TOPdesk? Then restrict the app to only users who are part of a group. For example, a TopDesk application security group in Entra or multiple groups such as 'All employees in department X' and 'All employees in department Y'.

If you want to automatically populate these groups with users (based on their HR data), this is of course also possible via Joinly:

User provisioning: automatically create and manage accounts

With SSO alone, accounts still need to exist manually in TOPdesk. This is where Joinly comes in.

Joinly connects HR systems like AFAS, Nmbrs, or Exact with Entra ID and TOPdesk. As soon as HR adds a new employee:

HR data automatically enters Entra ID.

1. Joinly directly prepares a TOPdesk account with the correct role via SCIM provisioning.

2. When an employee leaves, the account is automatically deactivated.

Result: no duplicate entries, fewer errors, always up-to-date rights.

Practical example of creating an account in TOPDesk

• New employee: HR creates a record in AFAS. Joinly automatically creates an Entra ID and TOPdesk account.

• Job change: the employee is transferred to another department. Joinly immediately adjusts rights in TOPdesk.

• Departure: when an employee leaves, the TOPdesk account is blocked and later removed.

In summary

With Joinly, you connect Microsoft Entra ID and TOPdesk for both SSO and automatic user provisioning. Single log-in and fully automated account management—without manual actions or duplicate data.