This article explains setting up your Azure SSO provider with Expel Workbench

  1. Log into your Azure console.

  2. In the search bar at the top, search for Enterprise Applications and navigate to it.

  3. On the page, select New Application.

  4. On the Add your own application page, provide a name for the application and click Add.

  5. On the newly created application page, click Properties on the left menu bar under Manage.

  6. Click Overview on the left menu bar to navigate to the application’s overview page.

  7. Click Set up single sign-on.

  8. For Select a single sign-on method, click SAML.

  9. You are now on the SAML-based Sign-on page in Azure. Edit section 1- Basic SAML Configuration.

  10. In Expel Workbench copy the field Audience URI and paste it in Identifier (Entity ID) in Section 1 in Azure.


    You can put anything in this field. We recommend this value, but if your value naming standards are different, follow your standards. However, on step 17, be consistent and use this exact value or URI there, too.

  11. In Expel Workbench, copy information to complete the integration. Open a new tab or window and log into Expel Workbench (

  12. Navigate to Organization Settings > My Organizations and select the organization. Then select the Integrations tab and click Configure SSO > Single Sign-on.

  13. Copy and paste the following from Expel Workbench into Azure:

    • ACS URL or Single Sign-on URL → Reply URL (Assertion Consumer Service URL).

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.

      Screen Shot 2021-03-05 at 10.12.34 AM.png
  14. In Azure, edit Single sign-on section 2 User Attributes & Claims, click Add new claim.

  15. In the Manage Claim view:

    Screen Shot 2021-03-05 at 10.13.05 AM.png
    • Type the word email (case-sensitive) under Name.

    • Leave the Namespace empty.

    • Select Attribute for Source.

    • Select the appropriate value for your organization for Source attribute. This field populates each user’s email address, and can be different from the example shown.

  16. In Azure, navigate back to Single sign-on on the left menu bar. Copy the following values from Azure into Expel Workbench.

    • Login URL → Single Sign-on URL or SAML 2.0 Endpoint.

    • Default Entity ID → Issuer or Issuer ID or if you chose a different value in step 11, use that exact value or URI here.

    • Certificate (Base64) → Certificate.

  17. In Expel Workbench, click Save.