Expensify supports single sign-on with SAML. Single sign-on allows your employees to log into Expensify with the same credentials they use for other business applications. You can also restrict employees to only being able to sign in via SSO. This allows you to have full control over password controls and employee access. Expensify supports any identity provider that uses SAML 2.0.
Enabling SAML Single Sign-On
To enable SSO in Expensify you will first need to have Domain Control enabled. Once you have Domain Control enabled, navigate to Admin > Domain Control > [domain name] > SAML.
On this page you will be able to:
- Choose whether you want to make SSO required for login. If you choose this option, users will only be able to log in via SSO. They will not be able to use an Expensify password.
- Get Expensify's Service Provider MetaData. You will need to provide this to your identity provider.
- Enter your Identity Provider MetaData. Please contact your SSO provider if you are unsure how to get this.
Signing in with SAML SSO
If your company has SAML sign in as option, you will be able to either enter your Expensify password or choose the SAML option.
If your company has SAML sign in required, you will only see the option to sign in via SAML.
To sign in via the mobile app, choose the "Company Sign In" option.