1. Log into your Azure console.

  2. Search for Enterprise Applications in the search bar at the top and navigate to it.

    MS_Azure_search_bar.png
  3. On the page, select New Application.

  4. On the Add an application page, click Non-gallery application.

    Azure_Non_gallery_icon
  5. On the Add your own application page, provide a name for the application and click Add.

  6. On the newly created application page, click Properties on the left menu bar under Manage.

    Azure_Manage_properties
  7. Click Overview on the left menu bar to navigate to the application’s overview page.

  8. Click Set up single sign-on.

    MS_Azure_SSO_setup.png
    • Or, click Single sign-on on the left menu bar under Manage.

      MS_Azure_SSO_setup_Manage.png
  9. For Select a single sign-on method, click SAML.

    MS_Azure_SAML.png
  10. You are now on the SAML-based Sign-on page in Azure. Edit section 1- Basic SAML Configuration.

  11. Copy and paste the field Azure AD Identifier from section 4 to Identifier (Entity ID).

    MS_Azure_SSO_setup_New_SAML.png
  12. Next, copy information from Expel Workbench to complete the integration. Open a new tab or window and log into Expel Workbench (https://workbench.expel.io).

  13. Navigate to Settings > My Organizations and select the organization. Then select the Integrations tab and click Configure SSO under Single Sign-on.

    Screen Shot 2021-03-05 at 10.12.05 AM.png
  14. Copy and paste the following from Expel Workbench into Azure:

    • ACS URL or Single Sign-on URL → Reply URL (Assertion Consumer Service URL).

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.

      Screen Shot 2021-03-05 at 10.12.34 AM.png
  15. In Azure, edit Single sign-on section 2 User Attributes & Claims, click Add new claim.

  16. In the Manage Claim view:

    Screen Shot 2021-03-05 at 10.13.05 AM.png
    • Type the word email (case-sensitive) under Name.

    • Leave the Namespace empty.

    • Select Attribute for Source.

    • Select the appropriate value for your organization for Source attribute. This field populates each user’s email address, and can be different from the example shown.

  17. Navigate back to Single sign-on on the left menu bar in Azure. Copy the following values into Expel Workbench.

    • Login URL → Single Sign-on URL or SAML 2.0 Endpoint.

    • Azure AD Identifier → Issuer or Issuer ID.

    • Certificate (Base64) → Certificate.

      Screen Shot 2021-03-05 at 10.13.32 AM.png
  18. Click Save in Expel Workbench.