What is Connect?

Connect is Visma’s central Identity Provider for managing employee logins. It acts as a secure digital gateway. With Connect, you use one set of login credentials (your email address and password, or Single Sign-On via another Identity Provider) to securely access all Visma products and connected services. Instead of logging into each application separately, Connect allows you to sign in once to access Spend Cloud and, where applicable, all other Visma applications.

Please note: Connect is currently being rolled out in phases and is currently only available to a pilot group. As soon as Connect becomes available for your Spend Cloud environment, you will receive an email with further information.

What has changed?

Previously, we used a self-developed login tool. While this login method is secure, it does not support features such as Multi-Factor Authentication (MFA), making the current solution less future-proof. In addition, it requires significant maintenance.

With Connect, we use a specialized authentication solution that guarantees a high level of security. Connect continuously implements security updates and other improvements to ensure the login process remains as secure as possible.

What are the benefits?

Security

Multi-Factor Authentication (MFA)

Users can add an extra layer of security (such as a code generated through an app), significantly reducing the risk of unauthorized access or hacking.

Standardized security protocols

By using modern authentication protocols, the login process complies with the highest security standards.

Because security is managed centrally within Connect, you automatically benefit from the latest updates and security patches without needing to take any action yourself.

For system administrators, Connect offers major time savings and direct control. Instead of searching through multiple modules, access can be managed from one central location.

Does an account need to be blocked immediately (for example, when an employee leaves the organization)? With a single action in Connect, access is revoked across all connected systems.

Unblocking accounts is also fast and straightforward, minimizing downtime for employees.

Connect includes a comprehensive audit log feature. This allows you to see exactly who logged in and when, as well as whether emails — such as password reset emails — have been sent to employees.

Users can restore access to their account themselves using the “Forgot password” option.

If this is unsuccessful, administrators can send a temporary password to a colleague directly through the Connect management environment.

What actions does my organization need to take?

Please inform your (support) consultant which person will be the first application administrator to receive access to the Connect platform.

After that, access can be granted to additional colleagues directly within the platform.

Logging into the Connect platform

The designated application administrator will receive an email containing a link to activate their account in Connect.

On this page, you can find all information about the Connect platform: Connect documentation – Domains

Registering a domain

To support user management within your domain — and, where applicable, Single Sign-On (SSO) — your organization must verify ownership of the domain associated with your users’ email accounts. This can be done using either a DNS TXT record or a CNAME record.

When a user attempts to log in with an email address from a domain that has not been verified by the organization, authentication will be denied. In that case, the user’s login credentials will not be forwarded to the authentication proxy for verification.

How to verify a domain

Go to the Domains tab, click the Add domain button, and enter the domain name used by users within your organization to log in.

Example: if the email address is username@example.com, enter example.com in the window that appears and click Next.

Verification via DNS

The next step will display the domain name you just added, along with additional information about the DNS TXT record that needs to be created.

If you choose to verify via HTTPS, you can skip the DNS steps below and continue to the section Verification via HTTPS.

Log in to your DNS provider and create a DNS TXT record for the domain you just added (for example, example.com) using the value and configuration shown in the Authentication Settings.

Below, you can find instructions for creating DNS records with popular domain providers:

• GoDaddy
• AWS Route 53
• Microsoft Azure DNS
• Cloudflare DNS
• Google Cloud DNS
• Google Domains Help

After creating the DNS record, wait 5 minutes (the TTL is set to 300 seconds) to allow the changes to propagate. Then return to the Visma Authentication Settings and click the Verify button in the wizard where you left off.

Tip: If the validation fails the first time, wait a few more minutes and try again. If it still does not work afterwards, there may be a configuration issue with your DNS provider settings. In that case, remove the settings you just created and start again from step 2.

Once the record has been confirmed, the status in the Status column will change to Verified.

Verification via HTTPS

If you choose to verify your domain via HTTPS, download the verification file from the Visma Authentication Settings. Then upload or publish this file to the root directory of your domain’s website.

After that, return to the Visma Authentication Settings and click the Verify button.

Repeat these steps for all domains that need to be verified.

You may remove the DNS TXT record or the static HTML file after Visma has verified your domain. Do not remove anything before the status of your domain is actually set to Verified.

Approval for migration

Once the domain registration has been completed, please contact the person who granted you access to the Connect platform. We will then migrate the login to Connect.

After the migration, we will get in touch so that logging in via Connect can be tested.