- In Expel Workbench™, navigate to Settings > My Organizations and select the organization. Click the Integrations tab and click Configure SSO under Single Sign-on.
- Copy and paste the following from Expel Workbench into your SSO provider:
- ACS URL or Single Sign-on URL: This can be called an Assertion Consumer Service URL or Redirect URL.
- Audience URI or Audience: This can be called SP Entity or SP Entity ID.
- ACS URI Validator: This may not be required, depending on your SSO provider.
- Leave Yes, allow users to log in locally OR via SSO selected for local logins. This is to make initial SSO setup easier. You can change this later.
- Click Next.
- In your SSO provider, set up an email parameter or attribute. The attribute name in Workbench is case sensitive, so make sure the attribute name is email, and not Email. To ensure this, you may need to create a custom attribute. Refer to your SSO provider’s documentation to complete this step.
- Click Next.
- Copy and paste the appropriate information from your SSO provider into Expel Workbench.
- Single Sign-On URL or SAML 2.0 Endpoint: This can be called the Login URL.
- Issuer or Issuer ID: This can be called Identity Provider Issuer or Entity ID.
Certificate: This can be copy and pasted or uploaded as an attachment.
- Click Save.
Before signing in with SSO, make sure that:
- In your SSO provider, the Workbench application is assigned to all intended users.
- The user email addresses in your SSO provider match the email that is configured for the users in Workbench. The emails are case sensitive.
- New members of your organization that need access to Workbench have user accounts created in Workbench and have the Workbench application assigned to them in your Identity Provider.
- After you're finished testing and setting up, in Expel Workbench, you can disable local logins by selecting Edit from the list, and selecting No, users can ONLY log in via SSO. Then click Next, Next, Save to save.