This article explains setting up your OneLogin SSO provider with Expel Workbench

  1. Log into your OneLogin Console and navigate to Administration in the top right corner.

  2. Navigate to Applications > Add App.

  3. Search for SAML and select SAML Test Connector (IdP w/attr w/ sign response).

  4. Under Portal:

    • Display Name: Expel Workbench.

  5. Select Configuration in the left navigation.

    Copy information from Expel Workbench to complete the integration.

  6. Open a new tab or window and log in to Expel Workbench (

  7. Navigate to Organization Settings > My Organization and select the organization.

  8. On the Integrations tab, click Single Sign-on > Configure SSO.

  9. Copy and paste the following from Expel Workbench into OneLogin.

    • ACS URL or Single Sign-on URL → ACS (Consumer) URL.

    • Audience URI or Audience → Audience.

    • ACS URI Validator → ACS (Consumer) URI Validator.

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.

  10. In Expel Workbench, click Next.

  11. In OneLogin, in Parameters, do the following:

    • Click the “+” button on the left to add a new parameter.

    • For Field name type the word email and select Include SAML assertion. Click Save.

  12. Click Save in the upper right corner.

  13. For Value, select Email from the list and click Save.

  14. Navigate to SSO in the left navigation.

  15. Right-click and open in a new tab or window View Details under the X.509 Certificate.

  16. Copy and paste the X.509 Certificate from OneLogin into Expel Workbench.

  17. Back in the SSO window, copy and paste the following from OneLogin into Expel Workbench.

    • SAML 2.0 Endpoint (HTTP)→ Single Sign-On URL or SAML 2.0 Endpoint.

    • Issuer URL → Issuer or Issuer ID.

  18. Click Save in Expel Workbench.

  19. Click Save in OneLogin.