This document provides instructions for integrating Identum eADM Visma User Administration. The integration enables automated provisioning and updating of user information from Active Directory (AD) to Visma, as well as managing user access to various systems and modules in Visma.
Functionality
The integration has two primary functions: user data write-back and access management.
-
User Data Write-back: Automatically synchronizes user data from eADM the corresponding user profile in Visma User Administration.
-
Access Management: Manages user access to various systems and modules in the Visma environment, such as ERP functions, travel expenses, e-commerce, and invoice approval.
Example of Access Management
The following table shows an example of how access rights in Visma can be managed by eADM, including rules for automatic assignment.
|
Correct Name |
External ID |
Automatic Assignment Rule |
|---|---|---|
|
Invoice Approval |
|
All employees with position codes 9000–9999 |
|
Order/Approval E-commerce |
|
All employees |
|
Access to the travel expense module on the web |
|
All employees |
|
Access to payslips and travel expense reports via the app |
|
All employees with position codes 9000–9999 |
|
Access Enterprise Homepage |
|
All employees |
|
Access to the BI Management Group |
N/A |
All employees with position code 9000 or 9999 |
|
Invoice Approval |
|
All employees with position codes 9000–9999 |
|
Record Absence |
|
All employees with position codes 9000–9999 |
|
Lookup HRM |
|
All employees with position codes 9000–9999 |
|
Finance Lookup |
|
All employees with position codes 9000–9999 |
|
Lookup: Outgoing Invoice Basis |
N/A |
All employees with position codes 9000–9999 |
|
E-attachment on the Web |
|
All employees with position codes 9000–9999 |
|
Budget Changes on the Web |
|
All employees with position codes 9000–9999 |
|
Financial Reporting on the Web |
|
All employees with position codes 9000–9999 |
|
Access Autopay |
|
All employees with responsibility codes 830000 and 8301 |
|
Full Access HRM |
|
All employees with responsibility code 830010 |
|
Full Access Finance |
|
All employees with responsibility code 830010 |
|
Full Access Invoice |
|
All employees with responsibility code 530010 |
User Data Write-back
eADM automatically synchronize data with Visma User Administration when a user is created or updated in Active Directory or Entra ID. The method depends on your Visma environment.
-
Visma Enterprise+ (Cloud): Data synchronization is handled via a dedicated synchronization template in eADM, similar to other system integrations.
-
Visma Enterprise (On-Premises): For on-premises installations, synchronization must be performed through the eADM client.
The following user fields can be written back to Visma:
-
Work Email
-
Username (alias)
-
Initials
-
Work Mobile
-
Private Phone
Warning: Risk of duplicate accounts in Visma Connect. If a user’s email address is changed and this change is automatically synchronized with Visma User Administration, a duplicate account may be created in Visma Connect. By default, Identum configures write-back so that the email address is only set when a new user account is first created. Please notify us if you also want subsequent changes to be handled automatically.
Manual Data Write-back
You can manually update a Visma user from Active Directory using the eadm.client.exe command-line tool, located in the C:\eadm\ folder. For this to work properly, the user's ID from Visma User Administration must be stored in an attribute on the user object in AD.
Note: The organization number ([org. no.]) uses the format N0123456789 and can be found in the eADM under System → Organization.
Command-Line Examples
Update Email (Work or Personal)
Bash
eadm.client.exe updatevismaemail [org.nr] WORK (or PRIVATE) [webuserid] [emailaddress]
Clear Email Field
Bash
eadm.client.exe updatevismaemail [org.nr] WORK (or PRIVATE) [webuserid]
Update Username (uid)
Bash
eadm.client.exe updatevismauid [org.id] [webuserid] [username]
Update Initials
Bash
eadm.client.exe updatevismainitials [org.nr] [webuserid] [initials]
Note: If the Username and Initials fields in Visma should have the same value, only run the update view initials command. This command updates both fields. Do not run both commands with the same value.
Update Mobile (Work Phone)
Bash
eadm.client.exe updatevismaphone [org.nr] MOBILE [webuserID] [phonenumber]
Clear Mobile (Work Phone)
Bash
eadm.client.exe updatevismaphone [org.nr] MOBILE [webuserID]
Troubleshooting
You can test the connection to the Visma Enterprise server by looking up a user directly in a web browser.
-
Construct the URL using your Visma Enterprise server address and the user's Employee ID (referred to as
webuserid(in eADM).-
Syntax:
https://[Your-Visma-Server.com]/enterprise_ws/secure/user/[webuserid] -
Example:
https://r1-kommune.enterprise.visma.no/enterprise_ws/secure/user/72904
-
-
You will be prompted to enter the username and password for the web service user account.
-
If the connection is successful, the browser will display the user's data in XML format.
Example of successful XML output:
XML
<user userId="72904" mobilePhone="4..." usertype="INTERNAL" userStatus="ACTIVE">
<usernames username="SIRI..."/>
<name displayName="Siri..."/>
<groupMembership>
<group id="14879"/>
<group id="14880"/>
<group id="62276"/>
</groupMembership>
</user>