Float Professional Plan customers can configure Single Sign-On using SAML to allow users to easily authenticate and access Float.
This feature is available to customers on Float's Professional or Enterprise Plans. View detailed plan information at floatfinancial.com/pricing and contact us via support@floatfinancial.com if you'd like to upgrade!
If your business' IdP is not Google, please refer to: Configuring SAML Single Sign-On (SSO) to Float
This setup involves systems outside of Float. If you're not familiar with SAML configuration, we recommend involving a member of your business' IT team.
Configuring Google for SAML SSO to Float
1. Log-in to your Google admin dashboard at admin.google.com
2. Open the sidebar menu > Apps > Web and mobile apps.
3. Click "Add app” > "Add custom SAML app".
4. Name the app "Float Financial". You can use the following image for the app icon:
Click "Continue".
5. On the Google Identity Provider details, choose "Option 1: Download IdP metadata" > Download Metadata".
6. Keep Google Admin open and in a separate browser tab or window, log-in to Float and go to Settings > Security > SAML . Under "Identity Provider Configuration Info", choose "XML file" > Upload XML file > select the IdP metadata file downloaded from Google > "Save Configuration".
7. Scroll to the Service Provider Configuration Info.
Keep the Float SAML settings page open to these values and switch to the Google Admin tab. Click "Continue" to advance to the "Service Provider Details" page. Copy the ACS URL and Entity ID from the Float SAML settings to the Service Provider Details on Google Admin.
8. Click "Continue to advance to the Attribute mapping page. Under attributes, add the following mappings:
“First Name” -> “given_name”,
“Last Name” -> “family_name”,Click “Finish”.
9. Return to the Float SAML settings page. Press the “Test” button to test signing in via SAML. This will redirect you to your IdP to sign in.
If the status does not change, then there is an issue with the IdP configuration - please review the configuration steps above.
If the test is successful and your IdP configuration is verified, the status will change to “Tested”.
Toggle "Enable SAML SSO for entire organization".
Going forward when new users are created in your IdP and they use that system to access Float, they'll be created as a Float user with the "Spender" role automatically (an Administrator can change their role after they're created). Users can also be created directly in Float before granting access in your IdP, as long as their email addresses match.
Important Notes for SSO Configuration in Multi-Entity Businesses:
If your organization uses multiple entities in Float and all users share the same email domain, there are a few important requirements when configuring SAML/SSO.
Why users must exist in the main SSO entity
When SAML is configured in Float, your email domain is linked to a single SSO configuration. During login:
Float checks the domain of the email address entered
That domain automatically redirects the user to your Identity Provider (IdP) (e.g., Okta, Azure AD)
After authentication, the IdP sends the user back to the Float entity where SSO is configured
Because of this domain-based routing, only one Float entity can be associated with a SAML configuration for a given domain.
If a user exists only in a secondary entity, Float cannot log them in because authentication returns to the primary SSO entity, where their user profile does not exist.
To prevent login errors, users must therefore exist in the main SSO entity first, even if they primarily work in another entity.
Required setup for multi-entity SSO
If your entities share the same email domain:
Configure SAML/SSO in your primary Float entity
Provision users in your Identity Provider (IdP) so they can authenticate via SSO
Ensure each user exists in the primary SSO entity
Add the user to any additional entities they need to access
This allows users to authenticate successfully through SSO and access the entities they work in.
Please note: Just-in-Time (JIT) provisioning will automatically create users only in the primary entity where SAML is configured.
Setting a default entity after login
Once users have access to multiple entities, they can set their preferred one as their default.
Sign in to Float using SSO
Click the business name in the top-left corner
Select the entity you want to use
Click the ⋮ (three dots) beside the entity
Select Set as default business
If you have any questions or require assistance, contact us via support@floatfinancial.com