Expense Report Dashboard Setup
Accounting, allows you to customize your expense report dashboard url, you can also use the generic url which is enabled by default.
Using the Generic URL
If you don't want to setup a custom url for your expense report dashboard, you can use the generic one. Please note this URL cannot be disabled.
The generic URL follow this format: https://expense-report.accounting.sh/c/company-uuid. You can also use a shorten url: https://er.accounting.sh/c/company-uuid.
Once the page has loaded, the user can login using an email address or a configured OAuth Provider.
Retrieve your company uuid from the "my stantabcorp" settings page or the developer details on the dashboard.
Using your own domain
In order to use the custom URL, you first need a domain name with access to the DNS configuration.
In this example we are going to use expense-report.example.com.
1. Add a DNS record
First, you will need to create a CNAME DNS record pointing to custom-domain.accounting.sh.
Your record should look like something like this:
expense-report.example.com. IN CNAME custom-domain.accounting.sh
Currently, we do not support using a root domain name, the ALIAS record or CNAME Flattening.
2. Register your custom url
Once, you've added the DNS record, head over to your accounting dashboard, and go to Settings > Expense Report.
Then, add expense-report.example.com into the field "Expense Report URL", then save.
Our system, will then check for the DNS record and setup everything required on our side. Once this is complete, you will receive an email.
Please note, this process may take up to two hours.
Email Validation
You can enable a simple email validation rule to prevent unauthorized users from logging onto your expense report dashboard.
The validation rule uses Symfony's Expression Language, the expression result should evaluate to a boolean.
We expose three variables:
email | The full user email address |
domain | The domain part of the email address |
user | The user part (before @) of the email address |
OAuth Configuration for Expense Report Dashboard
You can also allow users to login onto their expense report dashboard by using an OAuth Provider. We currently only support Google and Azure AD.
Google OAuth Configuration:
- Create Google OAuth Credentials:
- Go to the Google Cloud Console.
- Navigate to the Credentials page by selecting the project or creating a new one.
- Click on Create Credentials > OAuth client ID.
- Choose the application type, set up the consent screen with necessary details.
- Configure the redirect URI to the specific URI provided in the Expense Report Dashboard.
- Retrieve the generated client ID and client secret.
Microsoft AD OAuth Configuration:
- Create Microsoft AD OAuth Credentials:
- Visit the Azure Portal.
- Go to Azure Active Directory > App registrations > New registration.
- Configure the application by providing a name and selecting the supported account types.
- Note the redirect URI, as it will be required during the OAuth setup in the Expense Report Dashboard.
- After registration, access the newly created app's Certificates & secrets to obtain the client secret.
The redirect URI depends on if you are using your own domain or not.
If using your own domain: Simple enter https://youdomain.com
If using our domain enter: https://expense-report.accounting.sh
Do not add a trailing slash
Accounting OAuth Setup:
-
Once you have the client ID and client secret for both providers, navigate to the Company Settings > Oauth Configuration.
-
Add a new OAuth configuration for Google and/or Microsoft AD by entering the client ID and client secret obtained in the previous steps.
Don't forget to save your changes
Link OAuth Configuration to your expense report dashboard
- Go to Settings > Expense report
- Under the Allowed OAUth configuration, select the OAuth provider configuration you have just made
- Save, and you should be able to login using the configured oauth provider.
Configure Email Login (Optional)
Once you've added an OAuth Provider to your expense report dashboard, you can choose to still allow or disallow, login using an email address. To do so, simply check or uncheck the "Allow login via email" check box.