Visma User Administration
This document provides instructions for integrating Identum eADM with Visma User Administration. The integration enables automated provisioning and updating of user information from Active Directory (AD) to Visma, in addition to managing user access to various systems and modules in Visma.
Functionality
The integration has two primary functions: user data write-back and access management.
User Data Write-back: Automatically synchronizes user data from eADM to the corresponding user profile in Visma User Administration.
Access Management: Manages user access to various systems and modules in the Visma environment, such as ERP functions, travel expenses, e-commerce, and invoice approval.
Example of Access Management
The following table shows an example of how access rights in Visma can be managed by eADM, with rules for automatic assignment.
Right Name | External ID | Automatic Assignment Rule |
|---|---|---|
Fakturagodkjenning (Invoice Approval) |
| All employees with position code 9000-9999 |
Bestilling/godkjenning e-handel (Order/Approval E-commerce) |
| All employees |
Tilgang til reiseregningsmodulen på WEB (Access to travel expense module on WEB) |
| All employees |
Tilgang til lønnsslipp og reiseregning via APP (Access to payslip and travel expense via APP) |
| All employees with position code 9000-9999 |
Tilgang Enterprise Startside (Access Enterprise Homepage) |
| All employees |
Tilgang til BI-Ledergruppe (Access to BI-Manager Group) | N/A | All employees with position code 9000, 9999 |
Fakturagodkjenning (Invoice Approval) |
| All employees with position code 9000-9999 |
Registrere fravær (Register Absence) |
| All employees with position code 9000-9999 |
Oppslag HRM (Lookup HRM) |
| All employees with position code 9000-9999 |
Oppslag Økonomi (Lookup Finance) |
| All employees with position code 9000-9999 |
Oppslag utgående fakturagrunnlag (Lookup Outgoing Invoice Basis) | N/A | All employees with position code 9000-9999 |
Ebilag på WEB (E-attachment on WEB) |
| All employees with position code 9000-9999 |
Budsjettendringer på WEB (Budget Changes on WEB) |
| All employees with position code 9000-9999 |
Rapportering økonomi på WEB (Financial Reporting on WEB) |
| All employees with position code 9000-9999 |
Tilgang Autopay (Access Autopay) |
| All employees with responsibility code 830000 and 8301 |
Full tilgang HRM (Full Access HRM) |
| All employees with responsibility code 830010 |
Full tilgang Økonomi (Full Access Finance) |
| All employees with responsibility code 830010 |
Full tilgang Faktura (Full Access Invoice) |
| All employees with responsibility code 530010 |
User Data Write-back
eADM can automatically write data back to Visma User Administration when a user is created or updated in Active Directory or Entra ID. The method depends on your Visma environment.
Visma Enterprise+ (Cloud): Data synchronization is handled via a dedicated synchronization template in eADM, similar to other system integrations.
Visma Enterprise (On-Premises): For local installations, synchronization must go through the eADM local client.
The following user fields can be written back to Visma:
Work Email
Username (alias)
Initials
Work Mobile
Private Phone
Warning: Risk of Duplicate Accounts in Visma Connect. If a user's email address is changed and this change is automatically synchronized to Visma User Administration, a duplicate account may be created in Visma Connect. By default, Identum configures write-back so that the email address is only set upon the initial creation of a new user account. Please notify us if you also want automatic handling of subsequent changes.
Manual Data Write-back
You can manually update a Visma user from Active Directory using the eadm.client.exe command-line tool, located in the C:\eadm\ folder. For this to function correctly, the user's ID from Visma User Administration must be stored in an attribute on the user object in AD.
Note: The organization number ([org.nr]) uses the format N0123456789 and can be found in the eADM portal under System → Organization.
Command-Line Examples
Update Email (Work or Private)
Basheadm.client.exe updatevismaemail [org.nr] WORK (or PRIVATE) [webuserid] [emailaddress]Clear Email Field
Basheadm.client.exe updatevismaemail [org.nr] WORK (or PRIVATE) [webuserid]Update Username (uid)
Basheadm.client.exe updatevismauid [org.nr] [webuserid] [username]
Update Initials
Basheadm.client.exe updatevismainitials [org.nr] [webuserid] [initials]Note: If the Username and Initials fields in Visma should have the same value, only run the updatevismainitials command. This command updates both fields. Do not run both commands with the same value.
Update Mobile (Work Mobile Phone)
Basheadm.client.exe updatevismaphone [org.nr] MOBILE [webuserID] [phonenumber]Clear Mobile (Work Mobile Phone)
Basheadm.client.exe updatevismaphone [org.nr] MOBILE [webuserID]Troubleshooting
You can test the connection to the Visma Enterprise server by looking up a user directly in a web browser.
Construct the URL using your Visma Enterprise server address and the user's Employee ID (referred to as
webuseridin eADM).Syntax:
https://[Your-Visma-Server.com]/enterprise_ws/secure/user/[webuserid]Example:
https://r1-kommune.enterprise.visma.no/enterprise_ws/secure/user/72904
You will be prompted for the username and password for the web service user account.
If the connection is successful, the browser will display the user's data in XML format.
Example of successful XML output:
XML<user userId="72904" mobilePhone="4..." usertype="INTERNAL" userStatus="ACTIVE">
<usernames username="SIRI..."/>
<name displayName="Siri..."/>
<groupMembership>
<group id="14879"/>
<group id="14880"/>
<group id="62276"/>
</groupMembership>
</user>