All Collections
Advanced configurations
Account integrations
Integrations: Setting Up Single Sign-On
Integrations: Setting Up Single Sign-On

Streamline user sign in with Single Sign-On (SSO), and control access.

Andrew Banta avatar
Written by Andrew Banta
Updated over a week ago

Single Sign-On, or SSO, allows your organization to use existing login credentials for ease of signing in. User's won't need to have a separate login password to sign into TravelBank, instead an Identity Provider (IdP) system manages the user's login information, which will create a consistent login experience for users across both internal systems, as well as signing into TravelBank.

Here are a few examples of some Identity Providers. These providers use Security Assertion Markup Language (SAML).

  • Okta

  • Azure

  • Workday

  • JumpCloud

You will need the following assertion consumer service URL:

https://api.travelbank.com/auth/saml/acs

Your SSO integration can be completed upon TravelBank's receipt of the following:

  • Metadata XML

    • entityID

    • ACS url

    • signing certificate

Choose from the following:

  • Configurations:

    • Enable user provisioning (When enabled, when users that do not exist in TravelBank sign in, a TravelBank account will be created)

    • Redirect on TravelBank login (This is off by default and will allow organizations to test their integration, once enabled all users whose email domains match the organization will be redirected to SSO)

  • This information can be shared with your implementations specialist.

  • Once received, your SSO implementation should be active in 2-3 business days.

Configuration in IdP:

  1. Add TravelBank as application in IdP, this will vary per provider.

  2. Add the following configurations:

    1. entityId - travelbank

    2. ACS url (may be called something else): https://api.travelbank.com/auth/saml/acs

    3. For most integration setups the login URL is: https://app.travelbank.com
      Other integrations will require a URL with a unique Integration ID, the basic URL will appear as follows: https://api.travelbank.com/auth/saml/{integrationId}

      In this setup, the IntegrationId ID required to complete this setup will be provided to you by TravelBank's software team.

3. The following claims that will need to be mapped in IdP (note that they are case-sensitive):

  • email

  • firstName

  • lastName

4. Make sure in IDP application is assigned to the right users

Frequently Asked Question:

If we occasionally need contractors or users who do not have a company email address to submit expenses or book travel using TravelBank, can they still sign in?

You can exclude users so that they are not required to authenticate using SSO. Your Customer Success Manager can help you with these users.

What if our company uses more than our primary domain for email addresses?

Multiple domains are supported, just share with us what the alternate domains are and we will ensure they are added to your integration.

Does our company's SSO integration auto-complete any fields in the Employee Directory in TravelBank?

While the SSO integration is a great way to control sign-in and create an easy way for your employees to access TravelBank, fields such as a user's manager, expense or travel policy, as well as any elevated permisions like admin or finance approver are set either in the Employee Directory by an admin, or through an Human Resource Management system (HRIS).

Created: 10Feb2023
Updated: 13Feb2023

Did this answer your question?