Skip to main content
Note:This setup process should be performed by an IT administrator.
SSO is currently not support on mobile devices.

Prerequisites

1
You have configured an enterprise workspace that supports SAML 2.0 SSO, and allows you to download a Base64 signing certificate. Common SSO providers include Okta, OneLogin, Auth0, Google Workspace, and Azure Active Directory.
2
Ensure that your PEX cardholders and administrators set their usernames to be the NameID (typically an email address) associated with your identity provider. PEX users can change their usernames in My Profile.

How to configure SSO for your PEX account

1
Create a new application for PEX Dashboard on your identity provider. PEX is currently not available through identity provider application marketplaces, so you will need to create a custom application.
2
Add all cardholders as users or add a group containing all cardholders to the PEX Dashboard application on your identity provider.
3
Provide the below PEX URL as both the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) on your identity provider SSO - SAML 2.0 configuration screen: 
https://coreapi.pexcard.com/internal/v4/sso/saml/login
4
Download the SAML 2.0 Base64 signing certificate for the PEX application from your identity provider
5
Log in as an admin to dashboard.pexcard.com
6
Navigate to Business Settings - Security, https://dashboard.pexcard.com/business-settings/security
7
Upload the SAML 2.0 signing certificate file downloaded from your identity provider.
image2.png
8
Your signing certificate should now be associated with your PEX business, and can be managed in the Business Settings - Security section.
image.png
9
Send users to the SSO applications screen for your identity provider and have them select the PEX Dashboard app to automatically log them into PEX using their SSO.

Frequently Asked Questions

This feature is not currently supported, but will likely be implemented in the future.
Businesses that use MPA/linked businesses should configure SSO in their “primary” PEX business where users should be set up with the same username as in their identity provider. They should use SSO to log into that business, and use MPA to access linked businesses.
No. PEX does not support Response Signing (Note: Okta turns this on by default).
No. PEX does not support Assertion Encryption.
No. PEX does not support SCIM Connector.
Last modified on April 23, 2026