Skip to main content

Single Sign-On

Integrate your company’s identity platform with Funnel, allowing each team member to sign in without entering username and password

Rickard Nordstrand avatar
Written by Rickard Nordstrand
Updated today

Content

Sign in with Google

The ability to sign in using Google is available to all subscriptions, just click the “Sign in with Google” button instead of entering your Funnel password.

Authentication methods

As a security feature you can select which authentication methods should be active for your subscription. For instance, you can use this to disable all password logins and force all users to use your own SSO provider with Two Factor Authentication (2FA).

Enterprise SSO

For additional security and centralized control we recommend using Enterprise SSO. We support a wide range of Identity providers and protocols, such as:

Supported Identity Providers

  • Custom OIDC

  • Custom SAML

  • Google Workspace

  • Microsoft ADFS

  • Microsoft Entra ID

  • Okta Integration

  • Okta Workforce

  • PingFederate

Okta Integration

If you are an Okta customer, you can use the Funnel Okta Integration from the Okta Integration Network for easily setting up SSO with SAML. To setup an Okta Integration with Funnel, please follow these instructions.

Service Provider (SP) Initiated Sign-in

Funnel supports SP initiated sign-in. This means that a user signs in via the Funnel app, gets redirected and authenticated using their own Identity Provider (IdP) and then allowed into the app.

Home Realm Discovery

In order to use SP initiated Sign-in, your users' email domain(s) will have to be configured to initiate user authentication with your IdP. This is called Home Realm Discovery (HRD) and ensures seamless redirection to your IdP when signing in to the app.

Please contact support if you want to enable SP initiated sign-in and HRD for your subscription.

Identity Provider (IdP) Initiated Sign-in

Funnel also supports IdP initiated sign-in. This authentication flow starts from the customer's IdP portal and sends a security token to the Service Provider, granting access to the Funnel app.

How to setup a new Enterprise SSO connection in Funnel

Follow the steps below to set up an Enterprise SSO connection in Funnel. Please note that Enterprise SSO is only available on the Enterprise plans. You need to be a Subscription owner in order to access the Authentication page and set up SSO or manage authentication methods.

If you want to set up Okta Workforce, please contact support as it is not available to setup using the self-service flow below.

  1. Navigate to Subscription Overview > Authentication

  2. Click Generate Setup Link.

  3. Copy the generated link and either open it in a new browser tab or pass it on to your IT-department.

    * Note that the generated link will remain active for 5 days, but once opened it needs to be completed within 5 hours. It can only be opened 10 times. If the link expires, you can generate a new link.

  4. In the setup flow, choose your Identity Provider and enter the required details.

  5. Test the connection.

  6. Finish the configuration flow by clicking Enable Connection:

    *Enabling the connection will have no impact on your current authentication methods in Funnel, it will simply allow the new SSO configuration to work in parallel with them. Configure your preferred authentication methods on the Authentication page in your Subscription Overview.

  7. To finalize the setup:

    1. If you wish to use SP-initiated SSO with Home Realm Discovery, please reach out to support and let us know which domain(s) you would like to enable this for.

    2. If you have set up a Custom SAML connection and would like to use IdP-initiated SSO, reach out to support to enable it for your subscription.

For further assistance, please contact support at support@funnel.io

Related Articles
Setting up Okta SSO
Migrating a legacy Enterprise SSO connection
Did this answer your question?