Float Professional Plan customers can configure Single Sign-On using SAML to allow users to easily authenticate and access Float.
This feature is available to customers on Float's Professional or Enterprise Plans. View detailed plan information at floatfinancial.com/pricing and contact us via support@floatfinancial.com if you'd like to upgrade!
If your business' IdP is not Okta, please refer to: Configuring SAML Single Sign-On (SSO) to Float
This setup involves systems outside of Float. If you're not familiar with SAML configuration, we recommend involving a member of your business' IT team.
Configuring Okta for SAML SSO to Float
1. Log-in to the Okta Admin Console and go to Applications > Applications.
2. Click "Create App Integration" > Select "SAML 2.0" as the Sign-In method > Next
3. Name the app "Float", use the image below for the app logo, then click "Next"
5. Keep Okta open and in a separate browser tab or window, log-in to Float and go to Settings > Security > SAML. Scroll to the Service Provider Configuration Info.
As of December 2024, the ACS URL has been updated to reflect Float's new floatfinancial.com domain.
Copy the ACS URL, return to the Okta tab and paste it into the Single Sign On URL field.
6. Switch back to Float SAML tab and copy the Entity ID. Return to the Okta tab and paste it into the "Audience URI (SP Entity ID)" field. Leave all other settings in their default state.
Important Notes for SSO Configuration in Multi-Entity Businesses:
If your organization uses multiple entities in Float and all users share the same email domain, there are a few important requirements when configuring SAML/SSO.
Why users must exist in the main SSO entity
When SAML is configured in Float, your email domain is linked to a single SSO configuration. During login:
Float checks the domain of the email address entered
That domain automatically redirects the user to your Identity Provider (IdP) (e.g., Okta, Azure AD)
After authentication, the IdP sends the user back to the Float entity where SSO is configured
Because of this domain-based routing, only one Float entity can be associated with a SAML configuration for a given domain.
If a user exists only in a secondary entity, Float cannot log them in because authentication returns to the primary SSO entity, where their user profile does not exist.
To prevent login errors, users must therefore exist in the main SSO entity first, even if they primarily work in another entity.
Required setup for multi-entity SSO
If your entities share the same email domain:
Configure SAML/SSO in your primary Float entity
Provision users in your Identity Provider (IdP) so they can authenticate via SSO
Ensure each user exists in the primary SSO entity
Add the user to any additional entities they need to access
This allows users to authenticate successfully through SSO and access the entities they work in.
Please note: Just-in-Time (JIT) provisioning will automatically create users only in the primary entity where SAML is configured.
Setting a default entity after login
Once users have access to multiple entities, they can set their preferred one as their default.
Sign in to Float using SSO
Click the business name in the top-left corner
Select the entity you want to use
Click the ⋮ (three dots) beside the entity
Select Set as default business