Merge branch 'main' into vit-updateHybridAppBuild

* main: (76 commits)
  Update Mobile-Expensify to 9.0.89-7
  Update version to 9.0.89-7
  Revert "Merge pull request #55528 from software-mansion-labs/use-onyx/auth-screens"
  Match the horizontal padding in the search router with LHN
  Update redirects.csv
  Fix padding in TravelTerms
  close RHP after provisioning
  Fix routes to work after page refresh
  Close RHP
  Fix bottom padding
  Add unit test
  Update redirects.csv
  Update and rename SAML-SSO.md to Managing-Single-Sign-On-(SSO)-in-Expensify.md
  Update SAML-SSO.md
  Make code more readable
  Add title in the header
  Fix lint errors
  Update comment
  Hide Split Expense from trip rooms
  Use TextLink and and styles instead of RenderHTML
  ...

# Conflicts:
#	Mobile-Expensify

android/app/build.gradle

@@ -110,8 +110,8 @@ android {
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
         multiDexEnabled rootProject.ext.multiDexEnabled
-        versionCode 1009008906
-        versionName "9.0.89-6"
+        versionCode 1009008907
+        versionName "9.0.89-7"
         // Supported language variants must be declared here to avoid from being removed during the compilation.
         // This also helps us to not include unnecessary language variants in the APK.
         resConfigs "en", "es"

docs/articles/expensify-classic/domains/Managing-Single-Sign-On-(SSO)-in-Expensify.md

@@ -0,0 +1,77 @@
+---
+title: Managing Single Sign-On (SSO) and User Authentication in Expensify
+description: Learn how to effectively manage Single Sign-On (SSO) and user authentication in Expensify alongside your preferred SSO provider. Our comprehensive guide covers SSO setup, domain verification, and specific instructions for popular providers like AWS, Okta, and Microsoft Azure. Streamline user access and enhance security with Expensify's SAML-based SSO integration.
+---
+
+Expensify supports Single Sign-On (SSO) through the SAML protocol, allowing you to optimize user authentication and improve security across your organization. Whether you're an IT admin configuring your domain or a team lead ensuring secure user access, this guide walks you through setting up and managing SAML SSO for your Expensify account
+
+# Accessing SAML Settings
+⚠️ **Pre-requisite:** Ensure your [domain is verified](https://help.expensify.com/articles/expensify-classic/domains/Claim-And-Verify-A-Domain#step-2-verify-domain-ownership).
+
+1. Navigate to: **Settings > Domains > [Domain Name] > SAML**.  
+2. **From the Domains page:**  
+   - Download Expensify's **Service Provider Metadata** to provide to your Identity Provider.  
+   - Enter the **Identity Provider Metadata** from your SSO provider. (Contact your provider if unsure how to obtain this).  
+   - Enable the **"SAML required for login"** option, ensuring users sign in via SSO only.
+
+---
+## Provider-Specific Setup Instructions
+Click on your Identity (SAML) Provider for detailed steps:  
+- [Amazon Web Services (AWS SSO)](https://static.global.sso.amazonaws.com/app-202a715cb67cddd9/instructions/index.htm)  
+- [Google SAML (Gsuite)](https://support.google.com/a/answer/7371682)  
+- [Microsoft Entra ID (formerly Azure Active Directory)](https://learn.microsoft.com/en-us/entra/identity/saas-apps/expensify-tutorial)  
+- [Okta](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Expensify.html)  
+- [OneLogin](https://onelogin.service-now.com/support?id=kb_article&sys_id=e44c9e52db187410fe39dde7489619ba)  
+- [Oracle Identity Cloud Service](https://docs.oracle.com/en/cloud/paas/identity-cloud/idcsc/expensify.html#Expensify)  
+- [SAASPASS](https://saaspass.com/saaspass/expensify-two-factor-authentication-2fa-single-sign-on-sso-saml.html)  
+- Microsoft ADFS (instructions below).  
+
+**Note: If your provider isn't listed, contact them directly for guidance.**
+
+---
+# FAQ and Troubleshooting
+
+## User Login with SSO
+- Employees using their **company email** or a **secondary linked email** (e.g., Gmail) will be prompted to log in through SSO.  
+- Secondary login setup guide: [Change or Add Email Address](https://help.expensify.com/articles/expensify-classic/settings/Change-or-add-email-address).
+
+## Error During SSO Setup?
+- Use [samltool.com](https://samltool.com) to validate your configuration data.  
+- Contact your Account Manager or Concierge for further help.  
+
+## What is Expensify's Entity ID?
+- Default: `https://expensify.com`  
+- For Multi-Domain setups: `https://expensify.com/mydomainname.com`.
+
+## Managing Multiple Domains with One Entity ID 
+Yes, it's possible. Contact Concierge or your Account Manager to enable this feature.  
+
+## Updating Microsoft Entra ID SSO Certificate
+Steps to avoid configuration errors during certificate renewal:  
+1. **Create** a new certificate in Microsoft Entra.  
+2. **Remove** the old certificate before activating the new one.  
+3. Replace the **IDP** in Expensify with the new one.  
+4. Log in via SSO.  
+
+If issues persist, contact Concierge for assistance.  
+
+---
+# Advanced Configurations
+
+## Okta SCIM API for User Deactivation
+Ensure your domain is verified and the SAML setup is complete. Then, do the following:
+1. Go to **Settings > Domains > [Domain Name] > SAML**.  
+2. Enable SAML Login and toggle **Required for login**.  
+3. In Okta, add Expensify as an application, and configure user profile mappings.  
+4. Request **Okta SCIM API** activation via [email protected].  
+5. Integrate the **SCIM token** with Okta API provisioning.  
+
+Refer to the full setup in Okta's documentation for attribute mapping and provisioning options.
+
+## Microsoft ADFS SAML Authentication
+1. Open **ADFS Management Console** and add a new trust.  
+2. Import Expensify's metadata XML from the SAML page.  
+3. Configure **LDAP Attributes** for email or UPN.  
+4. Add two claim rules:  
+   - Send LDAP Attributes as Claims.  
+   - Transform Incoming Claim (Name ID). 

docs/redirects.csv

@@ -622,4 +622,5 @@ https://help.expensify.com/articles/new-expensify/expensify-card/Upgrade-to-the-
 https://help.expensify.com/articles/new-expensify/expensify-card/Dispute-Expensify-Card-transaction,https://help.expensify.com/articles/new-expensify/expensify-card/Disputing-Expensify-Card-Transactions
 https://help.expensify.com/articles/expensify-classic/expensify-card/Request-the-Card,https://help.expensify.com/articles/expensify-classic/expensify-card/Request-the-Expensify-Card
 https://help.expensify.com/articles/expensify-classic/settings/Change-or-add-email-address,https://help.expensify.com/articles/expensify-classic/settings/Managing-Primary-and-Secondary-Logins-in-Expensify
+https://help.expensify.com/articles/expensify-classic/domains/SAML-SSO,https://help.expensify.com/articles/expensify-classic/domains/Managing-Single-Sign-On-(SSO)-in-Expensify
 https://help.expensify.com/articles/expensify-classic/connect-credit-cards/company-cards/Direct-Bank-Connections,https://help.expensify.com/articles/expensify-classic/connect-credit-cards/Connect-Company-Cards

ios/NewExpensify/Info.plist

@@ -44,7 +44,7 @@
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>9.0.89.6</string>
+	<string>9.0.89.7</string>
 	<key>FullStory</key>
 	<dict>
 		<key>OrgId</key>

ios/NewExpensifyTests/Info.plist

@@ -19,6 +19,6 @@
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>9.0.89.6</string>
+	<string>9.0.89.7</string>
 </dict>
 </plist>

ios/NotificationServiceExtension/Info.plist

@@ -13,7 +13,7 @@
 	<key>CFBundleShortVersionString</key>
 	<string>9.0.89</string>
 	<key>CFBundleVersion</key>
-	<string>9.0.89.6</string>
+	<string>9.0.89.7</string>
 	<key>NSExtension</key>
 	<dict>
 		<key>NSExtensionPointIdentifier</key>

package.json

@@ -1,6 +1,6 @@
 {
   "name": "new.expensify",
-  "version": "9.0.89-6",
+  "version": "9.0.89-7",
   "author": "Expensify, Inc.",
   "homepage": "https://new.expensify.com",
   "description": "New Expensify is the next generation of Expensify: a reimagination of payments based atop a foundation of chat.",

src/CONST.ts

@@ -982,6 +982,7 @@ const CONST = {
         ACH_TERMS_URL: `${EXPENSIFY_URL}/achterms`,
         WALLET_AGREEMENT_URL: `${EXPENSIFY_URL}/expensify-payments-wallet-terms-of-service`,
         BANCORP_WALLET_AGREEMENT_URL: `${EXPENSIFY_URL}/bancorp-bank-wallet-terms-of-service`,
+        EXPENSIFY_APPROVED_PROGRAM_URL: `${USE_EXPENSIFY_URL}/accountants-program`,
     },
     OLDDOT_URLS: {
         ADMIN_POLICIES_URL: 'admin_policies',
@@ -6541,6 +6542,12 @@ const CONST = {
         SCAN_TEST_TOOLTIP: 'scanTestTooltip',
     },
     SMART_BANNER_HEIGHT: 152,
+    TRAVEL: {
+        DEFAULT_DOMAIN: 'domain',
+        PROVISIONING: {
+            ERROR_PERMISSION_DENIED: 'permissionDenied',
+        },
+    },
 } as const;
 
 type Country = keyof typeof CONST.ALL_COUNTRIES;

src/ONYXKEYS.ts

@@ -467,6 +467,9 @@ const ONYXKEYS = {
     /** Corpay onboarding fields used in steps 3-5 in the global reimbursements */
     CORPAY_ONBOARDING_FIELDS: 'corpayOnboardingFields',
 
+    /** Information about travel provisioning process */
+    TRAVEL_PROVISIONING: 'travelProvisioning',
+
     /** Collection Keys */
     COLLECTION: {
         DOWNLOAD: 'download_',
@@ -1055,6 +1058,7 @@ type OnyxValuesMapping = {
     [ONYXKEYS.PRESERVED_USER_SESSION]: OnyxTypes.Session;
     [ONYXKEYS.NVP_DISMISSED_PRODUCT_TRAINING]: OnyxTypes.DismissedProductTraining;
     [ONYXKEYS.CORPAY_ONBOARDING_FIELDS]: OnyxTypes.CorpayOnboardingFields;
+    [ONYXKEYS.TRAVEL_PROVISIONING]: OnyxTypes.TravelProvisioning;
 };
 type OnyxValues = OnyxValuesMapping & OnyxCollectionValuesMapping & OnyxFormValuesMapping & OnyxFormDraftValuesMapping;
 

src/ROUTES.ts

@@ -1580,7 +1580,10 @@ const ROUTES = {
         getRoute: (backTo?: string) => getUrlWithBackToParam('hold-expense-educational', backTo),
     },
     TRAVEL_MY_TRIPS: 'travel',
-    TRAVEL_TCS: 'travel/terms',
+    TRAVEL_TCS: {
+        route: 'travel/terms/:domain/accept',
+        getRoute: (domain: string, backTo?: string) => getUrlWithBackToParam(`travel/terms/${domain}/accept`, backTo),
+    },
     TRACK_TRAINING_MODAL: 'track-training',
     TRAVEL_TRIP_SUMMARY: {
         route: 'r/:reportID/trip/:transactionID',
@@ -1591,6 +1594,12 @@ const ROUTES = {
         getRoute: (reportID: string, transactionID: string, reservationIndex: number, backTo?: string) =>
             getUrlWithBackToParam(`r/${reportID}/trip/${transactionID}/${reservationIndex}`, backTo),
     },
+    TRAVEL_DOMAIN_SELECTOR: 'travel/domain-selector',
+    TRAVEL_DOMAIN_PERMISSION_INFO: {
+        route: 'travel/domain-permission/:domain/info',
+        getRoute: (domain?: string, backTo?: string) => getUrlWithBackToParam(`travel/domain-permission/${domain}/info`, backTo),
+    },
+    TRAVEL_PUBLIC_DOMAIN_ERROR: 'travel/public-domain-error',
     ONBOARDING_ROOT: {
         route: 'onboarding',
         getRoute: (backTo?: string) => getUrlWithBackToParam(`onboarding`, backTo),

src/SCREENS.ts

@@ -30,6 +30,9 @@ const SCREENS = {
         TCS: 'Travel_TCS',
         TRIP_SUMMARY: 'Travel_TripSummary',
         TRIP_DETAILS: 'Travel_TripDetails',
+        DOMAIN_SELECTOR: 'Travel_DomainSelector',
+        DOMAIN_PERMISSION_INFO: 'Travel_DomainPermissionInfo',
+        PUBLIC_DOMAIN_ERROR: 'Travel_PublicDomainError',
     },
     SEARCH: {
         CENTRAL_PANE: 'Search_Central_Pane',

src/components/Search/SearchRouter/SearchRouterList.tsx

@@ -479,7 +479,7 @@ function SearchRouterList(
             onSelectRow={onListItemPress}
             ListItem={SearchRouterItem}
             containerStyle={[styles.mh100]}
-            sectionListStyle={[shouldUseNarrowLayout ? styles.ph5 : styles.ph2, styles.pb2]}
+            sectionListStyle={[styles.ph2, styles.pb2]}
             listItemWrapperStyle={[styles.pr0, styles.pl0]}
             getItemHeight={getItemHeight}
             onLayout={() => {