This article explains setting up your Okta SSO provider with Expel Workbench

  1. Log into your Okta console.

  2. Navigate to Applications in the main top navigation.

  3. Click Add Application > Create New App.

  4. The settings should be as follows:

    • Platform: Web.

    • Sign on method: SAML 2.0.

    • Click Create.

      Note

      This screen can look slightly different depending on your Okta account.

  5. Under General Settings:

    • App name: Expel Workbench.

  6. You are now on the Configure SAML step in Okta. Copy information from Expel Workbench to complete the integration. Open a new tab or window and log into Expel Workbench (https://workbench.expel.io)

  7. Navigate to Organization Settings > My Organizations and select the organization. Click Integrations > Configure SSO.

  8. Next, copy and paste the following from Expel Workbench into Okta:

    • ACS URL or Single Sign-on URL → Single sign on URL

    • Audience URI or Audience → Audience URI (SP Entity ID)

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This selection makes initial SSO setup easier. You can change this later.

  9. In Okta under (A) SAML Settings, Attribute Statements (Optional):

    • Type the word email under Name, and select user.email from the Value list.

      Tip

      These are case sensitive.

  10. For the Okta feedback form, select I’m an Okta customer adding an internal app and fill in the following optional information as you see fit. Or This is an internal app that we have created. Then click Finish.

  11. In Okta under Sign On, Settings > View Setup Instructions.

  12. In Expel Workbench, click Next 2 times, until you see Step 3 of 3.

  13. Copy and paste the following from Okta into Expel Workbench.

    • Identity Provider Single-Sign-On URL → Single Sign-On URL or SAML 2.0 Endpoint

    • Identity Provider Issuer → Issuer or Issuer ID

    • X.509 Certificate → Certificate

  14. Click Save in Expel Workbench.