Are you receiving SNAP/EBT or WIC benefits? The Expensify.org/SNAP-WIC-VAX campaign is live and accepting new members. Learn more about receiving $50 for submitting a SNAP/WIC receipt and $50 for getting your COVID-19 vaccine here and join today!
How-to: Enable SAML SSO
Enabling SAML Single Sign-On (SSO)
To enable SAML SSO in Expensify you will first need to claim and validate your domain.
Once you have a validated domain, you can access SAML SSO by navigating to Settings > Domains > [Domain Name] > SAML.
On this SAML page, you will be able to:
- Choose whether you want to make SAML required for login. If you choose this option, users will only be able to log in via SAML SSO. They will not be able to use an Expensify password.
- Get Expensify's Service Provider MetaData. You will need to give this to your identity provider.
- Enter your Identity Provider MetaData. Please contact your SAML SSO provider if you are unsure how to get this.
Related articles:
- Amazon Web Services (AWS SSO)
- Bitium
- Centrify
- Google SAML (for GSuite, not Google SSO)
- Microsoft Azure Active Directory
- Microsoft Active Directory Federation Services (ADFS)
- Okta
- OneLogin (this link doesn't work right now!)
- Oracle Identity Cloud Service
- SAASPASS
Troubleshooting
If you're getting an error when trying to set up SAML, check your configuration data for errors using this great tool https://www.samltool.com/validate_xml.php
EntityID Mismatch
The entityID for Expensify is https://expensify.com but remember to be sure not to copy in any extra / or spaces! Note: If you've enabled the Multi-Domain support (below) then your entityID will be https://myowndomain.com.expensify.com
Multiple Domains but only one entityID
We're currently testing an improvement to allow this for services such as GSuite and Azure which allow for this. Reach out to Concierge and ask to help us test it!
