Skip to main content

Single sign-on, 2FA, and Google Sign-in

Control how your team signs in to their Float account

Written by Justyna Kawalec
Updated in the last 15 minutes

To keep your Float team secure, we offer multiple authentication options for signing in to Float.

The available options depend on your plan and your team’s security settings. On all plans, team members can sign in using:

  • Email and password

  • Google Sign-in

  • A magic link on mobile

Teams on the Pro and Enterprise plans can also configure additional security options:

  • SAML single sign-on (SSO)

  • Google Sign-in enforcement

  • Email two-factor authentication (2FA)

  • Domain sign-in restrictions

The Account Owner and Admins with permission to manage security settings can access these settings in Team Settings > Security.

SAML single sign-on

For a quick overview, check the Single Sign-On video guide.

Single sign-on allows you to log in via your company’s identity provider, removing the need to remember your Float credentials. It’s a safe and secure way to log into multiple apps.

Teams on the Pro and Enterprise plans can require team members to use SSO. The Account Owner or an Admin with permission to manage security settings can set it up in the Security tab of Team settings. Float is officially supported by three identity providers Microsoft Entra ID (formerly Azure AD), OneLogin, and Okta.

To get started, navigate to the Security tab within the Team Settings and select Configure.

configure SAML

Then enter:

  • SAML 2.0 Endpoint URL (HTTP)

  • Identity Provider Issuer

  • X.509 Certificate

You can require SAML for sign-in or allow your team to still use their Float password if they'd like.

Troubleshooting SAML single sign-on

If SSO isn’t working as expected, check the following:

Email matching
• The email address in the SAML assertion must match a Float user’s email.
• Float matches email case-insensitively. If your IdP sends a different format (e.g., old name or alternate alias), update your IdP to send the correct email.

Certificate
• Make sure the signing certificate in your IdP matches the X.509 certificate saved in Float. Expired or rotated certs can cause sign-on failures.

Issuer / Entity ID
• Confirm the <Issuer> (Entity ID) in the SAML response matches what’s configured in Float. A mismatch here will prevent authentication.

Destination / Assertion Consumer Service URL
• The Destination or ACS URL in the SAML response must match the Float SSO endpoint (e.g., https://<your-subdomain>.float.com/sso/...).


Attribute matching logic
Float tries to match user identities in this order: primary email first, then fallback to NameID. This applies across generic SAML and popular providers.

If these checks don't resolve the issue, please share with us the SAML response XML from the failed login attempt via in-app chat in Float or at support@float.com

Sign in with Google

We also support hassle-free sign-up and sign-in using your Google account. To sign up using your Google account use the Google option when starting a trial.

Sign up to Float using Google.

Team members you invite to Float will also have the option to sign in using their Google account, requiring no Float password.

If you are an existing Float user and your username matches your Google account email, you can log in using either a Float username and password or the Google sign-in button.

To sign in using your Google account, click the Sign in using Google on the login page.

Signing in to Float with Google account.

Teams on the Pro and Enterprise plans can require team members to use Google sign-in. The Account Owner or an Admin with permission to manage security settings can set it up in Team settings > Security > Sign in with Google.

sign in with google configuration


💡 Here's a tip: If you've signed up using a Google account but would prefer a Float password, you can create it in your Profile settings by completing the password field.

Email two-factor authentication (2FA)

Teams on the Pro and Enterprise plans can require two-factor authentication (2FA) for all team members. This adds an extra layer of security by requiring a verification code sent to the team member’s email during sign-in.

The Account Owner or an Admin with permission to manage security settings can set two-factor authentication as required in the Security tab of Team settings.

email 2fa

📝Note: Float currently supports email-based 2FA only. It must be enabled at the team level. Individual 2FA settings are not yet available.

Domain sign in restriction

Teams on the Pro and Enterprise plans can restrict account sign-in by domain. The Account Owner or an Admin with security access can add allowed domains on the Security tab of Team settings.

For example, if you restrict access to yourcompany.com, users with @gmail.com or other domains cannot log in.

Sign in with a magic link on mobile

If you are using the mobile app, we can email you a magic link so you can sign into Float without typing in a password.

Click Send me a magic link, enter your email, and then select Sign in to Float within the email to log into your account. This is a safe, secure way to access Float on your mobile device.

Signing into Float mobile app with the magic link.

Signing into Float mobile app with the magic link.
Signing into Float mobile app with the magic link.

Additional notes

  • ​If you are using Sign in with Google and have changed your email address or domain, please contact us at support@float.com so we can update it on our end. Otherwise, you won't be able to log into your account.

Related Articles
OneLogin
Okta
Microsoft Entra ID (formerly Azure AD)
Signing up for Float and a free trial
Managing email addresses
Did this answer your question?