1. Expel Help Center
  2. Getting Started with Expel
  3. Workbench Setup
  4. Connect Your Single Sign-On (SSO) Tools

Configuring your Okta SSO provider with Workbench

This article explains setting up your Okta SSO provider with Expel Workbench

Tip

Workbench logins don't support SCIM. We only support SAML and local logins.

  1. Log into your Okta console.

  2. Navigate to Applications in the main top navigation.

  3. Click Add Application > Create New App.

  4. The settings should be as follows:

    • Platform: Web.

    • Sign on method: SAML 2.0.

    • Click Create.

      Note

      This screen can look slightly different depending on your Okta account.

  5. Under General Settings:

    • App name: Expel Workbench.

    • Upload our logo and click Save. You can right-click this image and save it locally.

      Expel Logo

    • Click Next.

    You are now on the Configure SAML step in Okta. Copy information from Expel Workbench to complete the integration.

  6. Open a new tab or window and log in to Expel Workbench (https://workbench.expel.io)

  7. Navigate to Organization Settings > My Organization and select the organization.

  8. On the Integrations tab, click Single Sign-on > Configure SSO.

  9. Copy and paste the following from Expel Workbench into Okta:

    • ACS URL or Single Sign-on URL → Single sign on URL

    • Audience URI or Audience → Audience URI (SP Entity ID)

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This selection makes initial SSO setup easier. You can change this later.

  10. In Okta, in (A) SAML Settings, under Attribute Statements (Optional):

    • Type the word email under Name, and select user.email from the Value list.

      Tip

      These fields are case sensitive.

    • Click Next.

  11. For the Okta feedback form, do one of the following:

    • Select I’m an Okta customer adding an internal app and fill in the following optional information as you see fit.

    • Select This is an internal app that we have created.

  12. Click Finish.

  13. In Okta under Sign On, click Settings > View Setup Instructions.

  14. In Expel Workbench, click Next two times, until you see Step 3 of 3.

  15. Copy and paste the following from Okta into Expel Workbench.

    • Identity Provider Single-Sign-On URL → Single Sign-On URL or SAML 2.0 Endpoint

    • Identity Provider Issuer → Issuer or Issuer ID

    • X.509 Certificate → Certificate

  16. Click Save in Expel Workbench.

Important

Before signing in with SSO, make sure that:

  • In your SSO provider, Workbench is assigned to all intended users.

  • The user email addresses in your SSO provider match the email that's configured for the users in Workbench. The emails are case sensitive.

  • New members of your organization that need access to Workbench have user accounts created in Workbench and have Workbench assigned to them in your Identity Provider.

  • After you finish testing and setting up, in Workbench, you can disable local logins by going to the Integrations tab in Organization Settings. Click Edit from the SSO list, and click No, users can ONLY log in via SSO. Then save by clicking Next > Next > Save.

Related articles