miniOrange provides secure access to Expensify for enterprises and full control over access to the application. Single Sign On (SSO) into Expensify with one set of login credentials.
miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)
Follow the Step-by-Step Guide given below for Expensify Single Sign On (SSO)
Step 1: Configure SSO for Expensify
- Login to your Expensify account as the Account Administrator.
- Click on Admin and go to Domain Control.
- Click the box to add your domain, enter your Domain Name in the pop-up and click on Okay.
- Click on Verify Now and follow the steps there to verify your domain.
- Once verified, click on your Domain Name and go to SAML.
- For downloading the miniOrange Metadata, Contact Us.
- Open the miniOrange Metadata in notepad and paste the contents in the Identity Provider MetaData field.
- The SAML settings will be saved automatically.
- Login to miniOrange Admin Console.
- Go to Apps >> Manage Apps. Click Configure Apps button.
- Click on SAML tab. Select Expensify.
- Make sure the SP Entity ID or Issuer is in the format: https://www.expensify.com/authentication/saml/loginCallback?domain=your_domain.com.
- Make sure the ACS URL is in the format: https://www.expensify.com/authentication/saml/loginCallback?domain=your_domain.com
- Make sure the Single Logout URL is in the format: https://www.expensify.com/authentication/saml/logout?d.
- Leave the Attributes section empty.
- Click on Save to configure Expensify.
Step 2: Create a policy for Expensify
- Login to miniOrange Admin Console.
- Go to Policies >> App Authentication Policy.
- Add a new policy for Expensify.
- Select Expensify from Application dropdown.
- Select a Group Name from the dropdown - the group for which you want to add Expensify policy.
- Give a policy name for Expensify in the Policy Name field.
- Select the First Factor Type for authentication.
- Enable Second Factor for authentication if required.
- Click on Save button to add policy for Expensify Single Sign On (SSO).
- Now click on Onboard users into our system from View Policy Tab.
Step 3: Onboard users into our system.
- Click on Users >> Add User.
- Here, fill the user details without the password and then click on the Create User button.
- Click on On Boarding Status tab. Check the email, with the registered e-mail id and select action Send Activation Mail with Password Reset Link from Select Action dropdown list and then click on Apply button.
- Now, Open your email id. Open the mail you get from miniOrange and then click on the link to set your account password.
- On the next screen, enter the password and confirm password and then click on the Reset Password button.
- Now, you can log in into miniOrange account by entering your credentials.
Step 4: Login to miniOrange Account
- Go to miniOrange dashboard and select the User Dashboard from the right side menu.
- Click on Expensify application which you added, to verify your sso configuration.
Using Two Factor Authentication for Expensify
The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.
Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, tracks who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.
For further details refer :