Configuring your SSO provider with Workbench

In Expel Workbench, navigate to Settings > My Organizations and select the organization. Click the Integrations tab and click Configure SSO under Single Sign-on.
Copy and paste the following from Expel Workbench into your SSO provider:
- ACS URL or Single Sign-on URL: This can be called an Assertion Consumer Service URL or Redirect URL.
- Audience URI or Audience: This can be called SP Entity or SP Entity ID.
- ACS URI Validator: This may not be required, depending on your SSO provider.
- Leave Yes, allow users to log in locally OR via SSO selected for local logins. This makes initial SSO setup easier. You can change this later.
Click Next.
In your SSO provider, set up an email parameter or attribute. The attribute name in Workbench is case sensitive, so make sure the attribute name is email, and not Email. To ensure this, you may need to create a custom attribute. Refer to your SSO provider’s documentation to complete this step.
Click Next.
Copy and paste the appropriate information from your SSO provider into Expel Workbench.
- Single Sign-On URL or SAML 2.0 Endpoint: this can be called the Login URL.
- Issuer or Issuer ID: this can be called Identity Provider Issuer or Entity ID.
- Certificate: this can be copy and pasted or uploaded as an attachment.
Click Save.

Before signing in with SSO, make sure that:

In your SSO provider, Workbench is assigned to all intended users.
The user email addresses in your SSO provider match the email that's configured for the users in Workbench. The emails are case sensitive.
New members of your organization that need access to Workbench have user accounts created in Workbench and have Workbench assigned to them in your Identity Provider.
After you finish testing and setting up, in Workbench, you can disable local logins by clicking Edit from the list, and clicking No, users can ONLY log in via SSO. Then click Next > Next > Save to save.

Comments