Float Professional Plan customers can configure Single Sign-On using SAML to allow users to easily authenticate and access Float.
SAML (Security Assertion Markup Language) is a standard of communication between an Identity Provider (IdP) managed by your business and a Service Provider (SP) - in this case, Float.
To prevent double-authentication, enabling SAML will deactivate Float's Multi-Factor Authentication for all users in your business. Users will authenticate through your IdP instead.
If your business' IdP is Okta, Google or Microsoft Azure, please refer to the relevant guide:
Using Google as an Identity Provider for SAML SSO to Float
Setting up SAML-SSO with Microsoft Azure
This setup involves systems outside of Float. If you're not familiar with SAML configuration, we recommend involving a member of your business' IT team.
Enabling SAML-SSO
1. Log-in to app.floatfinancial.com as an Administrator and navigate to Settings > Security > SAML
2. Click "+ Add Domain"
- Add the domains that your business owns and are components of the email addresses your users use to log-in to Float, ie yourcompany.biz.
- Click "OK" to save each Associated Domain
3. Click "Verify" to view steps to verify ownership of each domain.
-
- Log in to your domain host
- Choose the domain name you want to add the TXT record to
- Add a TXT record containing the Float verification code provided
- Save your changes and wait until they take effect. The changes generally occur within a few hours but can take up to 72 hours depending on your domain host.
- Check the box "I have added TXT record to my domain"
- Click "Verify Domain"
4. Copy the Service Provider Configuration Info and enter them into your IdP when configuring the Float application.
-
- Assertion Consumer Service (ACS) URL
- As of December 2024, the ACS URL has been updated to reflect Float's new floatfinancial.com domain.
- Entity ID
- Assertion Consumer Service (ACS) URL
5. Under "Custom Attributes", select your IdP to view guidance on creating the custom Float attributes you must configure in your IdP in order for your SAML integration to Float to function.
6. Once the configuration in your IdP is finished, complete the Identity Provider Configuration Info using one of the following:
-
-
- URL - Set up your SAML SSO provider using a URL to your IdP metadata
- XML file - Set up your SAML SSO provider using the IdP metadata XML file supplied by your IDP
- Manual Input - Directly input your Sign in URL and X.509 Certificate
- Click "Save Configuration"
-
7. Test your SAML SSO configuration using the "Test SAML Sign In" button
-
- Please ensure that the email you use to log-in to Float is identical to your email address in your SAML IdP.
8. Toggle "Enable SAML SSO for entire organization" to allow all employees under the configured domains to access Float via SAML SSO.
Going forward when new users are created in your IdP and they use that system to access Float, they'll be created as a Float user with the "Spender" role automatically (an Administrator can change their role after they're created). Users can also be created directly in Float before granting access in your IdP, as long as their email addresses match.
If you have any questions or require assistance, contact us via support@floatfinancial.com