Skip to main content

Configuring your Okta SSO provider with Workbench

Sharon Burton
  • Updated

  1. Log into your Okta console.

  2. Navigate to Applications in the main top navigation.

  3. On the left of the page, select Add Application.

  4. On the left of the page, select Create New App.

  5. The settings should be as follows:

    • Platform: Web

    • Sign on method: SAML 2.0

    • Click Create.

      Screen Shot 2021-03-05 at 1.15.45 PM.png

      Note

      This screen can look slightly different depending on your Okta account.

  6. Under General Settings

    • App name: Expel Workbench.

    • Upload our logo and click Save. You can right-click this image and save it locally.

      Expel Logo

    • Click Next.

  7. You are now on the Configure SAML step in Okta. You need to copy information from Expel Workbench to complete the integration. Open a new tab or window and log into Expel Workbench (https://workbench.expel.io)

  8. Navigate to Settings > My Organizations and select the organization. Then select the Integrations tab and click the Configure SSO link under Single Sign-on.

    Screen Shot 2021-03-05 at 1.16.15 PM.png

  9. Next, copy and paste the following from Expel Workbench, into Okta:

    • ACS URL or Single Sign-on URL → Single sign on URL

    • Audience URI or Audience → Audience URI (SP Entity ID)

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This selection makes initial SSO setup easier. You can change this later.

      Screen Shot 2021-03-05 at 1.16.49 PM.png

  10. In Okta under (A) SAML Settings, Attribute Statements (Optional):

    • Type the word email under Name, and select user.email from the Value list.

      Tip

      These are case sensitive.

    • Click Next.

      Screen Shot 2021-03-05 at 1.17.20 PM.png

  11. For the Okta feedback form, select I’m an Okta customer adding an internal app and fill in the following optional information as you see fit. Or This is an internal app that we have created. Then click Finish.

  12. In Okta, under Sign On, Settings, click View Setup Instructions.

    Screen Shot 2021-03-05 at 1.18.27 PM.png

  13. In Expel Workbench, click Next 2 times, until you see Step 3 of 3.

  14. Copy and paste the following from Okta into Expel Workbench.

    • Identity Provider Single-Sign-On URL → Single Sign-On URL or SAML 2.0 Endpoint

    • Identity Provider Issuer → Issuer or Issuer ID

    • X.509 Certificate → Certificate

      Screen Shot 2021-03-05 at 1.19.03 PM.png

  15. Click Save in Expel Workbench.

Note

Before signing in with SSO, make sure that:

  • In Okta, the Workbench application is assigned to all intended users.

  • The user email addresses you have in Okta match the email configured for the user in Workbench. The emails are case sensitive.

  • New members of your organization that need access to Workbench have user accounts created in Workbench and have the Workbench application assigned to them in your Identity Provider.

  • After you're finished testing and setting up, in Expel Workbench, you can disable local logins by selecting Edit from the list on the right, and selecting No, users can ONLY log in via SSO. Then click Next > Next > Save to save.

    Screen Shot 2021-03-05 at 1.19.33 PM.png

Related articles

Comments

0 comments

Please sign in to leave a comment.