Expensify.org is accepting proposals for new campaigns. Submit yours here by April 30th to receive up to $100,000 in funding for campaigns dismantling injustice related to: Climate, Homes, Hunger, Reentry, or Youth.
Enforce SSO to use SAML only, prevent use of secondary accounts for domains
One reason we leverage SSO is pass off authentication and MFA to our IDP, Google. By doing so, users logging into Expensify will be subject to the Google password and account policies.
If we don't have an ability to restrict the ability for user accounts within our company's domain to create a secondary account, this creates a large security gap. Would love to see the ability to restrict the based on domains/groups.
Comments
While it's not possible to restrict users from creating secondary logins, you can fully lock down their ability to use them for login purposes. The true benefit of a secondary login comes from the ability to forward receipts from that email and have them import into their Expensify account. This simply makes it easier for employees to stay on top of their expenses by giving them multiple options for upload.
If you use a combination of enforcing SAML login and restricting primary login selection, you can allow employees the benefit of receipt upload and force them to use their SAML login credentials to access Expensify.
Domain Settings to enforce SAML login:
Don't forget to vote for your own idea in your original post above!
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeThanks for the tip! In our case, all receipts would need to come from a corporate email account, not a secondary personal email account. In this case, a secondary login wouldn't be necessary, right?
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up Awesome@beer correct, they'd be unnecessary in that case. You could make this topic a part of your employee onboarding instructions. Education driven compliance is always a great way to keep everyone on the same page.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeAwesome. How do I submit a feature request for this to get the attention of the product managers?
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up Awesome@beer, you can submit a request in the Community by posting in the Ideas category. This post will give other customers a chance to vote for the feature. Since this thread is already in the Ideas category and waiting for votes, you're all set.
If you scroll to the top of this thread, you'll see the option to vote for your own idea, which I highly encourage you to do.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeThank you! Just voted.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up Awesome