Security Assertion Markup Language (SAML) is a standard of communication between Identity Providers (IDP) and Service Providers (SP) like Float!
Float allows companies to set up SAML to seamlessly onboard their employees to start spending on the platform.
Note: SAML is only available for Professional Plan Customers.
Important: If you are using SAML-SSO with your Float account, please ensure you have MFA disabled for your users! This will ensure users aren't required to double-authenticate to log in. You can verify this is disabled by following these steps:
- Navigate to 'Security' in the Settings page within Float
- Click the 'MFA' tile
- Ensure the MFA requirement for all users to set up is toggled 'OFF'
Navigate to the Settings Section within Float and Select Security Section within the Settings Page
Ensure that you’ve selected SAML and not MFA (Multi-Factor Authentication) as it’s a different authentication feature.
Add a domain you wish to be authenticated when logging in. For example:
Floats domain is floatcard.com, so the domain we’re looking to authenticate is floatcard.com. The next time someone logs into Float using firstname.lastname@example.org, the domain will go through Float's SAML authentication.
Verify your domain through your domain host. Once you've verified your domain, you will need to add the record in the steps below in order to successfully verify your domain.
Copy the SP configuration info you'll need to enter in your IDP. The IT team will know where the configuration info should go in your IDP.
Based on your IDP, create (2) of the custom Float attributes required for your SAML integration to function. Note: Float does support other IDP providers outside of Google, Okta and Microsoft Azure
Once your IT team has configured your IDP, please provide Float with the following info:
Save your configuration and test your SAML Sign In. Please ensure that your email in Float is identical to your email in your SAML system (ie. Okta, Google or Microsoft Azure). If your email in Float is different (ie. missing your last name or using a pseudonym, you will need to ask our support team to update it to be an exact match).
Once SAML is successfully enabled, toggle to enable all employees under your domain to sign in via SAML-SSO moving forward. You'll also be able to onboard new employees via SAML-SSO by giving them access in that system. Once you grant access and they use that system to access Float, they will be created as a spender in Float automatically. If you want to assign them with higher role permissions or assign them to a specific team, you can create them as a user in Float before granting them access in your SAML system. You can also edit a user's role and team in Float at any time.