Marfeel allows users to authenticate through a securely stored user and password or via Single Sign-On (SSO), which enables users to securely authenticate with multiple applications and websites using just one set of credentials.
Marfeel supports both Google and Microsoft OAuth services out of the box, meaning any existing user can authenticate with Google or Microsoft accounts.
Force Single Sign-On (SSO) authentication
On the Enterprise plan, Marfeel offers advanced SSO settings that allow admins to force users to log in exclusively using their corporate accounts.
To activate SSO restrictions:
- Click on SSO Integration under Organization settings
- Define the user email domains that will be forced to login via Google or Microsoft corporate credentials. For example, in the screenshot below, any user with an email like
firstname.lastname@example.org the domain
aa.comwill be forced to use SSO authentication.
- Decide whether to
Automatically create user accounts:
Yes: A Marfeel user will be automatically created for any user that signs in from the specified domain. Automatically created users will be assigned the Viewer role.
No, only invited: Only previously added users can log in
- In order to force SSO authentication for all users under the specified domains, tick the option
Disallow non SSO authentications. This will prevent external users like correspondents or agencies to access to the platform unless they have a valid corporate account.
When SSO restrictions are active, if a user tries to log in via user & password, they’ll receive the following error: Your organization forbids your access with username and password
Microsoft OAuth permissions request
Depending on the Microsoft organization settings, the first time a user tries to login using SSO, the IT department that oversees Microsoft OAuth service might have to approve Marfeel: