This article explains setting up your Okta SSO provider with Expel Workbench
-
Log into your Okta console.
-
Navigate to Applications in the main top navigation.
-
Click Add Application > Create New App.
-
The settings should be as follows:
-
Platform: Web.
-
Sign on method: SAML 2.0.
-
Click Create.
Note
This screen can look slightly different depending on your Okta account.
-
-
Under General Settings:
-
App name: Expel Workbench.
You are now on the Configure SAML step in Okta. Copy information from Expel Workbench to complete the integration.
-
-
Open a new tab or window and log in to Expel Workbench (https://workbench.expel.io)
-
Navigate to Organization Settings > My Organization and select the organization.
-
On the Integrations tab, click Single Sign-on > Configure SSO.
-
Copy and paste the following from Expel Workbench into Okta:
-
ACS URL or Single Sign-on URL → Single sign on URL
-
Audience URI or Audience → Audience URI (SP Entity ID)
-
Leave Yes, allow users to log in locally OR via SSO selected for local logins. This selection makes initial SSO setup easier. You can change this later.
-
-
In Okta, in (A) SAML Settings, under Attribute Statements (Optional):
-
Type the word email under Name, and select user.email from the Value list.
Tip
These fields are case sensitive.
-
-
For the Okta feedback form, do one of the following:
-
Select I’m an Okta customer adding an internal app and fill in the following optional information as you see fit.
-
Select This is an internal app that we have created.
-
-
Click Finish.
-
In Okta under Sign On, click Settings > View Setup Instructions.
-
In Expel Workbench, click Next two times, until you see Step 3 of 3.
-
Copy and paste the following from Okta into Expel Workbench.
-
Identity Provider Single-Sign-On URL → Single Sign-On URL or SAML 2.0 Endpoint
-
Identity Provider Issuer → Issuer or Issuer ID
-
X.509 Certificate → Certificate
-
-
Click Save in Expel Workbench.