How-to: Set up SAML Authentication with Centrify

Sheena Trepanier, Expensify Team
edited August 2020 in How-to Docs

Please note you will need a corporate policy as well as Domain enabled in order to set this up.

1. Go to https://cloud.centrify.com/manage

2. Click apps, then click Add Web Apps

3. Click the Custom tab, scroll down, click SAML 

4. Close dialog. You should then land on app settings. If not, click 'apps' and click 'newly added app' from the list.

5. Under Trust > Service Provider Configuration > Metadata, enter the 'Assertion Consumer Service URL': https://www.expensify.com/authentication/saml/loginCallback?domain=<yourcompanysdomain.com> (replace <yourcompanysdomain.com> with your own domain), then click Save.

6. Scroll up and download metadata (save file for later) 

7. Click Description tab and set application name to 'Expensify - SAML', add description, upload image, and set a category. Click Save.

8. Click the User Access tab, check 'Everybody' and leave Automatic Install as-is. Click Save.

9. Open the metadata file you saved, search for <KeyDescriptor>, and add the use="signing" attribute so that it reads: <KeyDescriptor use="signing">

10. Copy the contents of the file into your SAML settings in Domain Control in Expensify.

All set! 
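The metadata edit in step 9 can be scripted rather than done by hand. The following is an added example, not Expensify's or Centrify's code: it sets use="signing" on any KeyDescriptor that lacks a use attribute and returns the SHA-256 fingerprint of each signing certificate so you can compare it with the certificate shown by your identity provider before pasting the file in step 10. The function name and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Keep the conventional prefixes when the document is serialized again.
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample: placeholder entityID and bytes, not a real certificate.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.invalid/sample">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor>
      <ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def mark_signing_keys(metadata_xml):
    """Add use="signing" to each KeyDescriptor that has no use attribute.

    Returns (updated_xml, fingerprints): fingerprints are SHA-256 digests of
    the signing certificates, to compare with the certificate the IdP shows.
    """
    root = ET.fromstring(metadata_xml)
    fingerprints = []
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use") is None:  # an explicit use="encryption" is left alone
            kd.set("use", "signing")
        if kd.get("use") != "signing":
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            if der:
                fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("no signing certificate found in metadata")
    return ET.tostring(root, encoding="unicode"), fingerprints


if __name__ == "__main__":
    updated, prints = mark_signing_keys(SAMPLE_METADATA)
    print(updated)
    print("signing certificate SHA-256:", *prints)
```

Running the function on a file that already carries use="signing" leaves it unchanged, so it is safe to re-run after re-downloading the metadata.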

For further troubleshooting, check out Centrify's custom SAML setup doc here.

For a live overview of the Policy Admin role, policy management and administration, register for our free Admin Onboarding Webinar!