1. Expel Support Center
  2. Getting started with Expel Workbench™
  3. Getting set up and ready to go in Workbench
  4. Connecting your single sign on tools

Configuring your Azure SSO Provider with Workbench

Sharon Burton
  • Updated

  1. Log into your Azure console.

  2. Search for Enterprise Applications in the search bar at the top and navigate to it.

    MS_Azure_search_bar.png

  3. On the page, select New Application.

  4. On the Add an application page, click Non-gallery application.

    Azure_Non_gallery_icon

  5. On the Add your own application page, provide a name for the application and click Add.

  6. On the newly created application page, click Properties on the left menu bar under Manage.

    Azure_Manage_properties

  7. Upload our logo and click Save. You can right-click this image and save it locally.

    Expel Logo

  8. Click Overview on the left menu bar to navigate to the application’s overview page.

  9. Click Set up single sign-on.

    MS_Azure_SSO_setup.png

    • Or, click Single sign-on on the left menu bar under Manage.

      MS_Azure_SSO_setup_Manage.png

  10. For Select a single sign-on method, click SAML.

    MS_Azure_SAML.png

  11. You are now on the SAML-based Sign-on page in Azure. Edit section 1- Basic SAML Configuration.

  12. Copy and paste the field Azure AD Identifier from section 4 to Identifier (Entity ID).

    MS_Azure_SSO_setup_New_SAML.png

  13. Next, copy information from Expel Workbench to complete the integration. Open a new tab or window and log into Expel Workbench (https://workbench.expel.io).

  14. Navigate to Settings > My Organizations and select the organization. Then select the Integrations tab and click Configure SSO under Single Sign-on.

    Screen Shot 2021-03-05 at 10.12.05 AM.png

  15. Copy and paste the following from Expel Workbench into Azure:

    • ACS URL or Single Sign-on URL → Reply URL (Assertion Consumer Service URL).

    • Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.

      Screen Shot 2021-03-05 at 10.12.34 AM.png

  16. In Azure, edit Single sign-on section 2 User Attributes & Claims, click Add new claim.

  17. In the Manage Claim view:

    Screen Shot 2021-03-05 at 10.13.05 AM.png

    • Type the word email (case-sensitive) under Name.

    • Leave the Namespace empty.

    • Select Attribute for Source.

    • Select the appropriate value for your organization for Source attribute. This field populates each user’s email address, and can be different from the example shown.

    • Click Save.

  18. Navigate back to Single sign-on on the left menu bar in Azure. Copy the following values into Expel Workbench.

    • Login URL → Single Sign-on URL or SAML 2.0 Endpoint.

    • Azure AD Identifier → Issuer or Issuer ID.

    • Certificate (Base64) → Certificate.

      Screen Shot 2021-03-05 at 10.13.32 AM.png

  19. Click Save in Expel Workbench.

Important

Before signing in with SSO, make sure that:

  • In your SSO provider, Workbench is assigned to all intended users.

  • The user email addresses in your SSO provider match the email that's configured for the users in Workbench. The emails are case sensitive.

  • New members of your organization that need access to Workbench have user accounts created in Workbench and have Workbench assigned to them in your Identity Provider.

  • After you finish testing and setting up, in Workbench, you can disable local logins by clicking Edit from the list, and clicking No, users can ONLY log in via SSO. Then click Next > Next > Save to save.

  • Was this article helpful?

  • 1 out of 1 found this helpful

Related articles