1. Expel Support Center
  2. Getting started with Expel Workbench™
  3. Getting set up and ready to go in Workbench
  4. Connecting your single sign on (SSO) tools

Configuring your Azure SSO Provider with Workbench

  • Updated

This article explains setting up your Azure SSO provider with Expel Workbench

Tip

Workbench logins don't support SCIM. We only support SAML and local logins.

  1. Log into your Azure console.

  2. In the search bar at the top, search for Enterprise Applications and navigate to it.

  3. On the page, select New Application.

  4. On the Add your own application page, provide a name for the application and click Add.

  5. On the newly created application page, click Properties on the left menu bar under Manage.

  6. Upload our logo and click Save. You can right-click this image and save it locally.

    Expel Logo

  7. Click Overview on the left menu bar to navigate to the application’s overview page.

  8. Click Set up single sign-on.

  9. For Select a single sign-on method, click SAML.

  10. You are now on the SAML-based Sign-on page in Azure. Edit section 1- Basic SAML Configuration.

  11. In Expel Workbench copy the field Audience URI and paste it in Identifier (Entity ID) in Section 1 in Azure.

    Note

    You can put anything in this field. We recommend this value, but if your value naming standards are different, follow your standards. However, on step 17, be consistent and use this exact value or URI there, too.

  12. In Expel Workbench, copy information to complete the integration. Open a new tab or window and log into Expel Workbench (https://workbench.expel.io).

  13. Navigate to Organization Settings > My Organizations and select the organization. Then select the Integrations tab and click Configure SSO > Single Sign-on.

  14. Copy and paste the following from Expel Workbench into Azure:

    • ACS URL or Single Sign-on URL → Reply URL (Assertion Consumer Service URL).

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.

      Screen Shot 2021-03-05 at 10.12.34 AM.png

  15. In Azure, edit Single sign-on section 2 User Attributes & Claims, click Add new claim.

  16. In the Manage Claim view:

    Screen Shot 2021-03-05 at 10.13.05 AM.png

    • Type the word email (case-sensitive) under Name.

    • Leave the Namespace empty.

    • Select Attribute for Source.

    • Select the appropriate value for your organization for Source attribute. This field populates each user’s email address, and can be different from the example shown.

    • Click Next.

  17. In Azure, navigate back to Single sign-on on the left menu bar. Copy the following values from Azure into Expel Workbench.

    • Login URL → Single Sign-on URL or SAML 2.0 Endpoint.

    • Default Entity ID → Issuer or Issuer ID or if you chose a different value in step 11, use that exact value or URI here.

    • Certificate (Base64) → Certificate.

  18. In Expel Workbench, click Save.

Important

Before signing in with SSO, make sure that:

  • In your SSO provider, Workbench is assigned to all intended users.

  • The user email addresses in your SSO provider match the email that's configured for the users in Workbench. The emails are case sensitive.

  • New members of your organization that need access to Workbench have user accounts created in Workbench and have Workbench assigned to them in your Identity Provider.

  • After you finish testing and setting up, in Workbench, you can disable local logins by going to the Integrations area in Settings. Click Edit from the list, and click No, users can ONLY log in via SSO. Then click Next > Next > Save to save.

  • Was this article helpful?

  • 1 out of 1 found this helpful

Related articles