Authentication and SSO

Marfeel allows users to authenticate through a securely stored user and password or via Single Sign-On (SSO), which enables users to securely authenticate with multiple applications and websites using just one set of credentials.

Marfeel supports both Google and Microsoft OAuth services out of the box, meaning any existing user can authenticate with Google or Microsoft accounts.

Log in duration

Users will remain authenticated during 14 days on the same browser by default, regardless of the login method used. When logging in from a non trusted device, users can choose to authenticate only during current browser session by unselecting the checkbox below inputs “Remember me for 2 weeks”.

Force Single Sign-On (SSO) authentication

On the Enterprise plan, Marfeel offers advanced SSO settings that allow admins to force users to log in exclusively using their corporate accounts.

To activate SSO restrictions:

  1. Click on SSO Integration under Organization settings
  2. Define the user email domains that will be forced to login via Google or Microsoft corporate credentials. For example, in the screenshot below, any user with an email like user_name@aa.com under the domain aa.com will be forced to use SSO authentication.
  3. Decide whether to Automatically create user accounts:
    • Yes: A Marfeel user will be automatically created for any user that signs in from the specified domain. Automatically created users will be assigned the Viewer role.
    • No, only invited: Only previously added users can log in
  4. In order to force SSO authentication for all users under the specified domains, tick the option Disallow non SSO authentications. This will prevent external users like correspondents or agencies to access to the platform unless they have a valid corporate account.

When SSO restrictions are active, if a user tries to log in via user & password, they’ll receive the following error: Your organization forbids your access with username and password

Microsoft OAuth permissions request

Depending on the Microsoft organization settings, the first time a user tries to login using SSO, the IT department that oversees Microsoft OAuth service might have to approve Marfeel: