UniFi Identity Enterprise - Add Expensify as an SSO App
Once you add Expensify as an SSO App, your users can sign in to Expensify using their Identity Enterprise credentials, and you can securely manage their access and lifecycle within Identity Enterprise.
Requirements
Before setting up Single Sign-On with Expensify you will need to make sure your domain has been verified.
Add Expensify to Identity Enterprise
- Go to Identity Enterprise Manager > SSO Apps.
- Click the Add icon in the upper right corner and select Expensify.
- Click Add.
- Click to download Identity Provider Metadata. You’ll need to upload this file to Expensify in the next section.
Configure SSO in Expensify
- Sign in to your Expensify account.
- In the left navigation pane, choose Admin > Domain Control.
- On the Domain Control page, select your domain name under the DOMAIN column.
- In the left navigation pane, choose SAML.
- Toggle the SAML Login option.
- (Optional) Enable the Required for login option. Note: It is recommended that you test the configuration to ensure it works correctly before enabling this option.
- Open the downloaded metadata XML file, copy its entire content, and paste it into the Identity Provider Metadata textbox.
Configure the Expensify SSO Settings in Identity Enterprise
- Navigate back to the Add Expensify page and scroll down to the Settings section.
- Name the app, for example: Expensify.
- Fill in your company domain.
- Fill in the SAML default relay state as needed. It is the destination to which the user will be redirected after they have completed the authentication process at the Identity Provider (IdP).
- Click Add.
Assign App Access to Users
To enable users to access Expensify with SSO, follow these steps:
-
Create Users in Expensify:
- Ensure that the email address used for their Expensify accounts matches their Identity Enterprise Account email.
-
Assign Expensify Access:
-
Individual Users:
- Navigate to Identity Enterprise Manager > Members > Users.
- Select the user.
- Go to Permissions > SSO App.
-
User Groups:
- Navigate to Identity Enterprise Manager > Members > Groups.
- Select the group.
- Go to Permissions > SSO App.
-
Direct Assignment:
- Navigate to: Identity Enterprise Manager > SSO Apps.
- Select Expensify from the app list.
- Go to the Assignments tab.
-
Individual Users:
This ensures that users are properly configured for SSO access to Expensify.