Authentication and SSO

Marfeel allows users to authenticate through a securely stored user and password or via Single Sign-On (SSO), which enables users to securely authenticate with multiple applications and websites using just one set of credentials.

Marfeel supports both Google and Microsoft OAuth services out of the box, meaning any existing user can authenticate with Google or Microsoft accounts.

Force Single Sign-On (SSO) authentication

On the Enterprise plan, Marfeel offers advanced SSO settings that allow admins to force users to log in exclusively using their corporate accounts.

To activate SSO restrictions:

  1. Click on SSO Integration under Organization settings
  2. Define the user email domains that will be forced to login via Google or Microsoft corporate credentials. For example, in the screenshot below, any user with an email like user_name@aa.com under the domain aa.com will be forced to use SSO authentication.
  3. Decide whether to Automatically create user accounts:
    • Yes: A Marfeel user will be automatically created for any user that signs in from the specified domain. Automatically created users will be assigned the Viewer role.
    • No, only invited: Only previously added users can log in
  4. In order to force SSO authentication for all users under the specified domains, tick the option Disallow non SSO authentications. This will prevent external users like correspondents or agencies to access to the platform unless they have a valid corporate account.

When SSO restrictions are active, if a user tries to log in via user & password, they’ll receive the following error: Your organization forbids your access with username and password