Companies with Okta can now deactivate users in Expensify using the Okta SCIM API.  This means that when a user is deactivated in Okta their access to Expensify will expire and they will be logged out of both the web and mobile apps.  This page takes you through the steps to enable this feature.

Requirements:

Functionality

Included in the integration:

  • Deactivate Users in Expensify
  • Export Users (from Expensify to Okta)

Not in the integration:

  • Create Users in Expensify
  • Update User Attributes in Expensify
  • Group Push from Okta to Expensify
  • Import Groups from Expensify to Okta
  • Sync Password

Enabling Okta deactivation

Step 1 - Add Expensify as an app in Okta

In Okta, go to Admin > Applications > Add Application.  Search for Expensify and click on Add 

Enter your company domain (e.g. yourcompany.com)

On Sign-On Options, click Next (leaving default settings)

On Assign to People, click Next and then click Done

Step 2 - Enable Okta SAML in Expensify

In Okta, go to to Admin > Applications > Expensify > Sign On > View Setup Instructions and follow the steps listed. 

Step 3 - Contact Expensify to enable Okta SCIM

Email help@expensify.com providing your domain and request that Okta SCIM be enabled. You will receive a response when this has been actioned.

Step 4 - Copy Okta SCIM Token

In Expensify, go to Domain Control > [Domain Name] > SAML > Show Token and copy the Okta SCIM Token.

Step 5 - Enable Okta SCIM in Okta

In Okta, go to Admin > Applications > Expensify > Provisioning > API Integration >  Configure API Integration.

Select Enable API Integration, paste the Okta SCIM Token in API Token field and click Save.

Go to To App, click Edit Provisioning Users, select Enable Deactivate Users and then Save.

You may also need to set up the Expensify Attribute Mappings if you have not previously.

Successful activation of this function will be indicated by the green Push User Deactivation is enabled icon at the top of the app page.

Note: If importing users from Expensify to Okta, ensure Okta UserName Format is set on the To Okta page

For a live overview of the Policy Admin role, policy management and administration, register for our free Admin Onboarding Webinar!

Still looking for answers? Search our Community for more content on this topic! 

Did this answer your question?