This article explains setting up your Azure SSO provider with Expel Workbench

  1. Log in to your Azure console.

  2. In the search bar at the top, search for Enterprise Applications and navigate to it.

  3. On the page, select New Application.

  4. On the Add your own application page, provide a name for the application and click Add.

  5. On the newly created application page, on the left menu bar, under Manage, click Properties.

  6. Click Overview on the left menu bar to navigate to the application’s overview page.

  7. Click Set up single sign-on.

  8. For Select a single sign-on method, click SAML.

    You are now on the SAML-based Sign-on page in Azure.

  9. Edit section 1- Basic SAML Configuration.

  10. Open a new tab or window and log in to Expel Workbench (https://workbench.expel.io).

  11. Navigate to Organization Settings > My Organization and select the organization.

  12. On the Integrations tab, click Single Sign-on > Configure SSO.

  13. Copy and paste the following from Expel Workbench into Azure:

    • ACS URL or Single Sign-on URL → Reply URL (Assertion Consumer Service URL).

    • Audience URI or Audience → Identifier (Entity ID).

      Note

      You can put anything in this field. We recommend this value, but if your value naming standards are different, follow your standards. However, on step 17, be consistent and use this exact value or URI there, too.

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.

  14. In Azure, edit Single sign-on section 2 User Attributes & Claims, click Add new claim.

  15. In the Manage Claim view:

    Screen Shot 2021-03-05 at 10.13.05 AM.png
    • Type the word email (case-sensitive) under Name.

    • Leave the Namespace empty.

    • Select Attribute for Source.

    • Select the appropriate value for your organization for Source attribute. This field populates each user’s email address, and can be different from the example shown.

  16. In Azure, navigate back to Single sign-on on the left menu bar. Copy the following values from Azure into Expel Workbench.

    • Login URL → Single Sign-on URL or SAML 2.0 Endpoint.

    • Default Entity ID → Issuer or Issuer ID or if you chose a different value in step 14, use that exact value or URI here.

    • Certificate (Base64) → Certificate.

  17. In Expel Workbench, click Save.