An identity provider is a third-party service that provides directory services for managing user data and allows centralised management of user sign-on.
Examples of identity providers are:
Microsoft Entra Active Directory (Previously Microsoft Azure)
To use an identity provider for SSO with ExpenseIn, you must add the identity provider and associate it with one or more domains within the Admin area. This allows the correct identity provider to be contacted for a particular email address being used for SSO.
Note: If setting up ExpenseIn manually within your identity provider rather than adding it from the app catalogue, you will need the following information:
Application ACS/Reply URL: https://app.expensein.com/samlcallback
Application SAML Audience: https://app.expensein.com
Application Entity ID: https://app.expensein.com
How to add an identity provider
1. Click the Account Name > Admin.
2. In the Integrations section, click the Single Sign-On subheading.
3. Click the New Provider + button.
4. Enter the Provider Name.
Note: This is purely a label for you to identify the provider and does not affect SSO functionality.
5. Choose the desired options for SSO with this identity provider:
The Sign-On Mode dictates whether users can sign in with their email address and password as well as using SSO (Mixed Mode), or can only use SSO (SSO Only).
The Provider Initiated Sign-On option dictates whether sign-on must be started from the ExpenseIn website or mobile application (No), or can be triggered from the Identity Provider (Yes). Switch this on if you want to allow users to open ExpenseIn directly from a dashboard provided by your Identity Provider.
The Enabled option allows you to enable or disable this Identity Provider, which may be useful during testing.
6. Depending on what information your Identity Provider gives you, you have two options:
Fill in the Target Url, Issuer and Certificate fields individually. The values of these should be given by your Identity Provider.
If you have access to the Identity Provider (IdP) Metadata then click Load from Metadata... and the form will change to allow you to paste either the metadata XML directly, or a URL linking to the metadata. After pasting either of these, the form will attempt to parse the metadata and fill in the Target Url, Issuer and Certificate fields.
7. Click Create to save the identity provider. You should now see the identity provider in the identity providers list.
Note: The identity provider will not show as in use until it has been linked to one or more domains.
Follow the steps in our Help Article to add one or more domains to your identity provider.