This article explains how to connect DEVO to Workbench.

Step 1: Enable console access

This procedure creates a user account for Expel that keeps Expel activity separate from other activity on the DEVO console.


Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Navigate to Administration > Users > and click ADD USER at the upper right of the page.

  2. For E-mail type: soc+<Your_Organization_Name>


    Yes, the "+" sign is part of the email address, and it's important. Click here to find out why.

  3. For Username type

  4. For Role select Administrator.

Step 2: Enable API Access for Expel

This procedure creates an authentication token that allows access to the DEVO API.

  1. Navigate to Administration > Credentials and click CREATE NEW API KEY at the upper right of the page.

  2. Make note of the newly generated API Key and API Secret.

Step 3: Configure DEVO in Workbench

  1. In a new browser tab, login to

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top right of the page, click Add Security Device.

  4. Search for and select DEVO.

  5. Type a Name for the DEVO device.

  6. For Location type the geographic location of the appliance.

  7. For Server Address type your DEVO Web URL address (for example,

  8. Type the API Key and API Secret generated in Step 2.

  9. You can provide console access now or set it up later. Use the instructions below to set it up later.


This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!