FloQast supports Single Sign-On (SSO) as an authentication method for your team to access the FloQast web application. We integrate with any Identity Provider (IdP) that supports SAML 2.0 authentication. If you use any of the named providers below, FloQast has an enterprise application that you can install directly within your IdP to pre-populate many of the attribute mappings and URLs. If you use any other provider (considered "Custom"), we will provide you with our Federation Metadata to help you fill in the settings within your IdP.
- Okta
- Microsoft Azure SSO
- OneLogin
- Google SSO
- Salesforce SSO
- Custom SSO: Any other IdP that supports SAML 2.0
If your team uses one of the above Single Sign-On platforms and would like to sign in to FloQast with your SSO, here are some steps to get started:
1. Contact support@floqast.com and let us know that you are interested in integrating FloQast with your SSO provider. Tell us your IdP and we will share the appropriate setup guide with you.
2. Install/configure the FloQast application within your IdP.
3. Assign your users to FloQast within your IdP. If you need a list of active FloQast users, please let us know and we can provide you with the full list.
4. Send us your metadata file. We will upload this to our database, and from that point SSO is immediately the required authentication method for your users.
FAQ about SSO + FloQast:
Q: Once SSO is live for my team, is that the only supported authentication method?
A: Yes. If your users were previously using Username + Password to sign into FloQast, that method will now be disabled and they will be required to sign in through SSO.
Q: Can I test logging in with SSO for just one user before deploying to my entire team?
A: Yes, FloQast has the ability to assign your SSO settings to particular users. The default is to apply to your entire team, but we can assign just one user for testing purposes. Please let us know if you wish to test with a single user first.
Q: Does FloQast support both SP (service provider) and IdP (Identity Provider) initiated login?
A: Yes. Your users may enter their email address at our SSO login page (https://www.floqast.app/login/sso) for SP initiated login. If you have configured an application homepage for your users in your IdP, we also support IdP initiated login.
Q: Does FloQast offer Multi-Factor Authentication?
A: You are welcome and encouraged to enforce MFA when your users sign into your Identity Provider. Since MFA is typically enforced at this level, FloQast does not offer MFA.
Q: Does FloQast offer Just-In-Time provisioning/deprovisioning?
A: No. FloQast does not offer JIT provisioning. This is because there are several unique permissions within FloQast (User Role, Entity Access) which must be configured directly within the FloQast application. A user must be invited to FloQast with their email address AND be assigned to the FloQast enterprise application within your SSO directory. Users can be deactivated in FloQast, which would immediately revoke their ability to sign into FloQast. Users could also be deactivated/have access revoked in your SSO directory, which would immediately revoke their ability to sign into FloQast.