Tutorial: Integrating Expensify with Azure Active Directory

This tutorial shows you how to integrate Expensify with Azure Active Directory (Azure AD). The integration of Expensify with Azure AD enables the following:

  • Control who has access to Expensify in Azure AD.
  • Allow your users to automatically sign in to Expensify with their Azure AD accounts.
  • Manage your accounts centrally in the Azure portal.

Requirements

To get started, you need the following:

  • An Azure AD subscription. If you don't have a subscription, you can use a free Azure account.
  • An Expensify subscription that has single sign-on (SSO) enabled.

Description of the scenario

In this tutorial, you will configure and test Azure AD single sign-on in a test environment.

  • Expensify supports SP-initiated single sign-on.

Note

The identifier of this application is a fixed string value, so only one instance can be configured in a tenant.

Adding Expensify from the catalog

To configure the Expensify integration with Azure AD, you must add Expensify from the catalog to the list of managed SaaS apps.

  1. Sign in to the Azure portal with a work, school, college or personal Microsoft account.
  2. In the left navigation area, select the Azure Active Directory service.
  3. Navigate to Enterprise applications, and then select All applications.
  4. To add a new application, select New application.
  5. In the Add from catalog section, enter Expensify in the search field.
  6. In the results pane, select Expensify, then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Expensify

Configure and test Azure AD single sign-on with Expensify using a test user named B. Simon. For single sign-on to work, a link relationship must be established between an Azure AD user and the corresponding user in Expensify.

To configure and test Azure AD single sign-on with Expensify, do the following:

  1. Configure Azure AD single sign-on to enable your users to use this feature.
    1. Create an Azure AD test user to test Azure AD single sign-on with test user B. Simon.
    2. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
  2. Configure single sign-on for Expensify to configure the single sign-on settings on the application side.
    1. Create an Expensify test user to get a B. Simon counterpart in Expensify linked to their representation in Azure AD.
  3. Test single sign-on to check that the configuration works.

Configure Azure AD single sign-on (SSO)

Follow these steps to enable Azure AD single sign-on in the Azure portal.

  1. In the Azure portal, on the Expensify application integration page, go to the Manage section and select Single sign-on.

  2. On the Select the SSO method page, select SAML.

  3. On the Set up single sign-on (SSO) with SAML page, click the pencil icon for Basic SAML configuration to edit the settings.

  4. In the Basic SAML configuration section, enter the values for the following fields:

    a. In the Login URL text box, enter the URL:

    b. In the Identifier (Entity ID) text box, enter the following URL:

    c. In the Reply URL text box, enter a URL in the following format:

    Note

    The Reply URL value is not the actual value. Update it with the correct Reply URL. Contact the Expensify client support team for these values. You can also refer to the patterns shown in the Basic SAML configuration section in the Azure portal.

  5. On the Set up single sign-on (SSO) with SAML page, in the SAML signing certificate section, go to Metadata XML and select Download to download the certificate and save it on your computer.

  6. In the Set up Expensify section, copy the appropriate URLs according to your requirements.

Create an Azure AD test user

In this section, you will create a test user named B. Simon in the Azure portal.

  1. In the left pane of the Microsoft Azure portal, select Azure Active Directory > Users > All users.
  2. At the top of the screen, select New User.
  3. In the User properties, follow these steps:
    1. In the Surname field, enter the string.
    2. In the User name field, enter the string [email protected] Example:.
    3. Select the Show password check box, and write down the value shown in the Password field.
    4. Click Create.

Assign the Azure AD test user

In this section, you enable B. Simon to use Azure single sign-on by granting her access to Expensify.

  1. In the Azure portal, select Enterprise applications > All applications.
  2. In the application list, select Expensify.
  3. On the app's overview page, go to the Manage section and select Users and Groups.
  4. Select Add user, and then in the Add assignment dialog box, select Users and Groups.
  5. In the Users and Groups dialog box, select B. Simon in the "User" list, then click the Choose button at the bottom of the screen.
  6. If you want to assign a role to users, you can select it from the Select role drop-down menu. If no role has been set up for this app, the "Standard access" role is selected.
  7. In the Add assignment dialog box, click the Assign button.

Configure single sign-on for Expensify

To enable SSO in Expensify, you must first have Domain Control enabled. You can enable Domain Control in the application using the steps listed here. For further assistance, contact the Expensify client support team. After enabling Domain Control, do the following:

  1. Sign in to the Expensify application.

  2. In the left pane, click Settings and navigate to SAML.

  3. Toggle the SAML login option to Activated.

  4. Open the federation metadata you downloaded from Azure AD in Notepad, copy its contents, and paste them into the Identity Provider Metadata text box.

Create an Expensify test user

In this section, you create a user named B. Simon in Expensify. Contact Expensify's client support team to add the users to the Expensify platform.

Testing single sign-on

In this section, you test the Azure AD single sign-on configuration with the following options:

  • In the Azure portal, click Test this application. This will redirect you to the Expensify login URL where you can initiate the login flow.

  • Go directly to the Expensify sign-in URL and initiate the login flow.

  • You can use Microsoft's My Apps. When you click the Expensify tile in My Apps, you will be directed to the Expensify login URL. For more information on My Apps, see this introduction.

Next Steps

After configuring Expensify, you can enforce session control, which protects against exfiltration and infiltration of sensitive corporate data in real time. Session control is based on conditional access. Here's how to enforce session control with Microsoft Cloud App Security.