Skip to main content

Configuring SAML Single Sign-On (SSO) to Float

  • Updated

Float Professional Plan customers can configure Single Sign-On using SAML to allow users to easily authenticate and access Float. 

This feature is available to customers on Float's Professional or Enterprise Plans. View detailed plan information at floatfinancial.com/pricing and contact us via support@floatfinancial.com if you'd like to upgrade!

SAML (Security Assertion Markup Language) is a standard of communication between an Identity Provider (IdP) managed by your business and a Service Provider (SP) - in this case, Float. 

To prevent double-authentication, enabling SAML will deactivate Float's Multi-Factor Authentication for all users in your business. Users will authenticate through your IdP instead. 

If your business' IdP is Okta, Google or Microsoft Azure, please refer to the relevant guide: 

Using Okta as an Identity Provider for SAML SSO to Float

Using Google as an Identity Provider for SAML SSO to Float

Setting up SAML-SSO with Microsoft Azure

 

This setup involves systems outside of Float. If you're not familiar with SAML configuration, we recommend involving a member of your business' IT team. 

 

Enabling SAML-SSO

1. Log-in to app.floatfinancial.com as an Administrator and navigate to Settings > Security > SAML

2. Click "+ Add Domain

  • Add the domains that your business owns and are components of the email addresses your users use to log-in to Float, ie yourcompany.biz. 

  • Click "OK" to save each Associated Domain

3. Click "Verify" to view steps to verify ownership of each domain. 

  1.  

    1. Log in to your domain host

    2. Choose the domain name you want to add the TXT record to 

    3. Add a TXT record containing the Float verification code provided

    4. Save your changes and wait until they take effect. The changes generally occur within a few hours but can take up to 72 hours depending on your domain host. 

    5. Check the box "I have added TXT record to my domain" 

    6. Click "Verify Domain"

Screenshot 2024-11-15 at 5.02.02 PM.png

 

4. Copy the Service Provider Configuration Info and enter them into your IdP when configuring the Float application.

  •  

    • Assertion Consumer Service (ACS) URL

    • Entity IDScreen_Shot_2022-09-23_at_3.19.25_PM.png

 

5. Under "Custom Attributes", select your IdP to view guidance on creating the custom Float attributes you must configure in your IdP in order for your SAML integration to Float to function.Screen_Shot_2022-09-23_at_3.21.08_PM.png

 

6. Once the configuration in your IdP is finished, complete the Identity Provider Configuration Info using one of the following: 

  •  

    •  

      • URL - Set up your SAML SSO provider using a URL to your IdP metadata

      • XML file - Set up your SAML SSO provider using the IdP metadata XML file supplied by your IDP

      • Manual Input - Directly input your Sign in URL and X.509 Certificate

    • Click "Save Configuration"

 

7. Test your SAML SSO configuration using the "Test SAML Sign In" button

  •  

    • Please ensure that the email you use to log-in to Float is identical to your email address in your SAML IdP.

 

8. Toggle "Enable SAML SSO for entire organization" to allow all employees under the configured domains to access Float via SAML SSO. 

 

Going forward when new users are created in your IdP and they use that system to access Float, they'll be created as a Float user with the "Spender" role automatically (an Administrator can change their role after they're created). Users can also be created directly in Float before granting access in your IdP, as long as their email addresses match. 

Some Important Considerations for SSO Configuration:

  • Multi-entity businesses:
    • If your business is multi-entity and uses the same email domain for all users, then you must ensure that users are configured in the SSO of the main entity AND the other entity that they will be primarily using
    • The IdP contains a redirect URL that points back to the main entity in Float, and there's currently no way to configure multiple entities to point to different redirect URLs if users share the same domain, meaning only one entity can be associated with a SAML configuration. This is why users must be configured in the main entity's SSO, even if they will be working under a different entity
    • Once configured in both entities, users can sign in, toggle to their main account, and set it as their default account by following the steps below:
      1. Log in to your Float account through your SSO
      2. Click the business name in the top-left corner > from here, you can toggle between accounts
      3. Click the 3 vertical dots on the account that you want to make default > click "Select as default business"
      4. Moving forward, you will be automatically logged into this account 

 

If you have any questions or require assistance, contact us via support@floatfinancial.com 

 

 

Related articles