Single Sign-On, or SSO, allows your organization to use existing login credentials for ease of signing in. Users won't need a separate password to sign in to TravelBank. Instead, an Identity Provider (IdP) manages the user's login information, which creates a consistent login experience for users across both internal systems and TravelBank.
Here are a few examples of Identity Providers. These providers use Security Assertion Markup Language (SAML).
Okta
Azure
Workday
JumpCloud
You will need the following assertion consumer service URL:
https://api.travelbank.com/auth/saml/acs
Your SSO integration can be completed upon TravelBank's receipt of the following:
Metadata XML
entityID
ACS URL
signing certificate
Choose from the following:
Configurations:
Enable user provisioning (When enabled, a TravelBank account is created when a user who does not exist in TravelBank signs in.)
Redirect on TravelBank login (This is off by default, which allows organizations to test their integration. Once enabled, all users whose email domains match the organization will be redirected to SSO.)
This information can be shared with your implementations specialist.
Once received, your SSO implementation should be active in 2-3 business days.
Configuration in IdP:
1. Add TravelBank as an application in your IdP. The steps will vary per provider.
2. Add the following configurations:
entityId - travelbank
ACS URL (may be called something else):
https://api.travelbank.com/auth/saml/acs
For most integration setups the login URL is: https://app.travelbank.com
Other integrations will require a URL with a unique Integration ID. The basic URL will appear as follows: https://api.travelbank.com/auth/saml/{integrationId}
In this setup, the Integration ID required to complete the setup will be provided to you by TravelBank's software team.
3. The following claims will need to be mapped in the IdP (note that they are case-sensitive):
email
firstName
lastName
4. Make sure the application is assigned to the right users in the IdP.
Frequently Asked Questions:
If we occasionally need contractors or users who do not have a company email address to submit expenses or book travel using TravelBank, can they still sign in?
You can exclude users so that they are not required to authenticate using SSO. Your Customer Success Manager can help you with these users.
What if our company uses more than our primary domain for email addresses?
Multiple domains are supported. Just share the alternate domains with us and we will ensure they are added to your integration.
Does our company's SSO integration auto-complete any fields in the Employee Directory in TravelBank?
While the SSO integration is a great way to control sign-in and create an easy way for your employees to access TravelBank, fields such as a user's manager, expense or travel policy, and any elevated permissions like admin or finance approver are set either in the Employee Directory by an admin or through a Human Resource Management system (HRIS).
Created: 10Feb2023
Updated: 13Feb2023