1. In Expel Workbench, navigate to Organization Settings > My Organization and select the organization.

  2. Select the Integrations tab.

  3. In the Single Sign-on section, select Configure SSO.

  4. Copy and paste the following information from Expel Workbench into your SSO provider:

    • ACS URL or Single Sign-on URL can also be referred to as Assertion Consumer Service URL or Redirect URL.

    • Audience URI or Audience can also be referred to as SP Entity or SP Entity ID.

    • ACS URI Validator may not be required, depending on your SSO provider.

  5. Select Next.
  6. In your SSO provider, configure an email parameter or attribute. The attribute name in Workbench is case sensitive, so make sure the attribute name is email and not Email. You may need to create a custom attribute to ensure this. Refer to your SSO provider’s documentation to complete this step.

  7. Copy and paste the appropriate information from your SSO provider into Expel Workbench:

    • Single Sign-On URL or SAML 2.0 Endpoint can also be referred to as the Login URL.

    • Issuer or Issuer ID can also be referred to as Identity Provider Issuer or Entity ID.

    • Certificate - copy and paste it into the field or upload as an attachment.

  8. Before signing in with SSO, ensure that:
    • In your SSO provider, Workbench is assigned to all intended users.

    • The user email addresses in your SSO provider match the email configured for the users in Workbench. The email addresses are case-sensitive.

    • New members of your organization that need access to Workbench have user accounts created in Workbench and have Workbench assigned to them in your Identity Provider.

    • After you finish testing and setting up, you can disable local logins by completing these steps in Workbench:

      1. Navigate to Organization Settings > Integrations tab.

      2. Select Edit from the SSO list.

      3. Select No, users can ONLY log in via SSO.

      4. Save by selecting Next > Next > Save.