> For the complete documentation index, see [llms.txt](https://docs.clearfeed.ai/clearfeed-help-center/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.clearfeed.ai/clearfeed-help-center/account-setup/login-methods.md). # Login Methods {% hint style="info" %} **Note:** All settings related to security and authentication can be modified by an Admin only. Learn more about [user roles in ClearFeed here](/clearfeed-help-center/account-setup/manage-users.md). {% endhint %} ## Enforcing Sign In Options Users from an organization can log in to ClearFeed via multiple methods: Google Sign-in, Microsoft Sign-in, or a login link (magic link). **You can configure the sign-in settings by following the steps below:** 1. Navigate to this page ->

Note: By default, users are allowed to sign in via all options. Enforcing sign-in allows admins to limit sign-in to only Google or Microsoft login.

2. Toggle on Google Authentication or Microsoft Authentication 3. This will log out all users who did not log in via the selected authentication method. 4. These users would then need to log in again using the enforced sign-in option. {% hint style="info" %} **Note:** ClearFeed authentication relies on Google services (such as Firebase and reCAPTCHA). In regions where Google services are blocked (e.g., Mainland China), users may not be able to log in—even when using the magic link or other supported methods. There is currently no workaround for this limitation. If you are affected, please contact ClearFeed support for further assistance. {% endhint %} ## SAML Authentication ClearFeed provides the option to integrate Single Sign-On (SSO) using the Security Assertion Markup Language (SAML) protocol, allowing users to authenticate with their identity providers (IdPs) to access ClearFeed. {% hint style="info" %} **Note:** This feature is currently enabled for users via ClearFeed. If you'd like to enable SAML authentication, please reach out to us at or via Slack. {% endhint %} ### SAML SSO #### Prerequisites Before configuring SAML SSO in ClearFeed, ensure the following: * Login and create an account in ClearFeed using any of the existing Authentication Methods (Google/Microsoft/Magic Link) * Contact ClearFeed support via Slack or email at to enable the SAML SSO feature for your ClearFeed account. This feature is not automatically available and requires activation by the support team. * Ensure you have administrative access to both ClearFeed and your identity provider. * If you are using multiple accounts in ClearFeed, ensure you are logged in to the [Parent Account](/clearfeed-help-center/account-setup/child-accounts.md). * You have the SAML identity provider setup screen and documentation open. SAML can be configured by visiting this [**link**](https://web.clearfeed.app/settings/security) and clicking on the configure button. #### Create SAML Configuration **Identity Provider Entity ID** Obtain the Entity ID from your identity provider. * This is a unique identifier that the SAML protocol uses to exchange data between the identity provider and ClearFeed. **SSO URL** Provide the SAML SSO URL from your identity provider. * This URL is where SAML authentication requests are sent and must be a valid URL. **X.509 Certificates** Supply one or more X.509 certificates provided by your identity provider. * These certificates must include the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` markers and are used for validating SAML responses. **Company ID** Unique identifier for your company within ClearFeed. * It is necessary for users to log in via SAML SSO. * **Note:** This ID cannot be changed from the app once set up. Please contact ClearFeed support for help in getting it changed. **Additional Information Required by your IdP** * **Audience/Service Provider Entity ID**: This is a predefined value shown on the screen, which must be entered on your identity provider's configuration page. * **Callback URL**: The Assertion Consumer Service (ACS) URL is also predefined, and provided in the SAML configuration modal. This URL is where the SAML response is sent after authentication. You'll need to register this URL with the SAML identity provider. ### SAML Assertion The SAML Assertion from your identity provider must include the following for successful authentication: `` and `` elements must be present, and the`` element must contain the user's email in the following format: ```html john@clearfeed.ai ``` {% hint style="warning" %} SAML authentication will not function without the presence of the above elements in the SAML Assertion. {% endhint %} ### User Attributes ClearFeed also searches for the following attributes in the SAML assertion payload to enhance the user experience within the ClearFeed Web App. While these attributes are not mandatory for authentication, having them present can improve usability: * `fullName`, `name`, `displayName` for the user's name. * `photoURL`, `avatar`, `picture` for the user's avatar. ### User Login Flow Currently, we don't support the Identity Provider initiated flow, which means that every time the user wants to log in to ClearFeed via SAML SSO, the user will have to first navigate to and click on `Continue with SAML SSO` {% hint style="danger" %} * Once SAML SSO is enforced, alternative authentication methods (such as Google, Microsoft, or Magic Link) cannot be used to log in to ClearFeed for regular users. This effectively **enforces SSO for all users** of your account. * Administrators of the [parent account](/clearfeed-help-center/account-setup/child-accounts.md) can still log in using the alternative authentication methods. This ensures they do not get locked out in the event of any issues with the SAML configuration. * **Provisioning & deprovisioning** * Clearfeed **does not currently support SCIM** for automated user provisioning, deprovisioning, or role mapping. * Clearfeed **does not currently expose APIs** for automating user creation, deactivation, or role mapping. * Anyone logging into the Clearfeed web app must have a valid Slack user in the connected workspace. If a user is removed from Slack, they will also lose access to the Clearfeed web app (in addition to not being able to log in via SAML). Note: It is essential to consult your identity provider's documentation to obtain the correct values for the entity ID, SSO URL, and X.509 certificates. Additionally, regularly check for any updates or rotation of certificates to maintain SAML SSO functionality. {% endhint %} Note: It is essential to consult your identity provider's documentation to obtain the correct values for the entity ID, SSO URL, and X.509 certificates. Additionally, regularly check for any updates or rotation of certificates to maintain SAML SSO functionality. ## Walkthrough: Setup SSO with Okta Watch this short video to understand how to setup SSO with Okta. If you cannot open the video below, access it [here](https://www.veed.io/view/4fd72797-d7cb-4508-a6ee-ed76fc21eea1?panel=share). {% embed url="" %} By default, **IDP-initiated SAML login is not supported** in Clearfeed. However, if you're using **Okta**, you can simulate an IDP-initiated flow using the steps below. This allows users to click on the Clearfeed application from the Okta dashboard and log in directly. **🔧 Setup Steps:** 1. **Go to your existing Clearfeed SAML app** in Okta. 2. In the settings, **enable the option**: \&#xNAN;*“Do not display application icon to users”*\ (This hides the original app to avoid confusion.) 3. **Navigate to the Okta App Integration Catalog**, search for **“Bookmark App”**, and click **Add Integration**. 4. On the **Add Integration** screen: * Set the URL to: [`https://web.clearfeed.app/login?saml_company_id=`](https://web.clearfeed.app/login?saml_company_id=)`` * You can find your company ID at: > SAML Authentication > Edit Configuration 5. **Assign the new Bookmark App** to the relevant users or groups in Okta. Once this is set up, users will see the new Clearfeed application on their Okta dashboard. Clicking it will log them in directly to the Clearfeed web app via SAML. * If the user is already logged in, they will be redirected straight to their **Clearfeed Dashboard**.
*** ## Troubleshooting Login-Failed Errors {% hint style="info" %} Most ClearFeed login issues stem from using a different authentication method than the one used during account creation. The system is designed this way to maintain security and account integrity. By consistently using your original authentication method and following the best practices outlined below, you can avoid most login problems. {% endhint %} When logging in to ClearFeed, you may get a generic "Login Failed Error" or see other surprising behavior. Here are some of the common reasons why this happens and what to do fix the login issues: ### 1. Authentication Method Lock-in **What happens:** * You try to log in using one method (e.g., email magic link) * Later, you try to log in using a different method (e.g., Google or Microsoft) * The login fails **Why this occurs:** ClearFeed associates your account with the specific authentication method you used when you first signed up. This association is permanent for security and account management purposes. When you attempt to use a different login method, ClearFeed cannot verify your identity because it's looking for the original method. **Example scenarios:** * Signed up with email magic link → Later try Google login → Login fails * Signed up with Google → Later try email magic link → Login fails * Signed up with Microsoft → Later try Google login → Login fails **Solution:** * Always use the same authentication method you used when you first created your ClearFeed account. * In case the login method has been changed, reach out to ClearFeed Support to reset your login credentials. ### 2. Magic Link Expiration **What happens:** * You request a magic link via email * You don't click the link within 15 minutes * When you finally click it, the link doesn't work **Why this occurs:** Magic links are designed to be temporary for security reasons. Each link expires after 15 minutes to prevent unauthorized access to your account if your email is compromised or if the link is intercepted. **Solution:** Request a new magic link and click it promptly after receiving it. The link will arrive in your email inbox within moments. ### 3. Login failed due to SSO enforcement **What happens:** * You try to log in using Email, but login fails with a generic error. **Why this occurs:** * Your administrator may have enabled SSO on the account with only Google or Microsoft or SAML login allowed. * Logins attempted via other methods, like Email, fail. * This can also happen, for example, if SAML is enforced - and a user tries to use Google to login. **Solution:** Ensure you're using the SSO method enforced on the ClearFeed account. If you need to switch login methods due to SSO enforcement and are unable to switch (due to Authentication Lock-in issues described above), contact ClearFeed Support. ### 4. Browser or Device Cookie Issues **What happens:** * You request a magic link and receive it in your email * When you click the link, it shows an error about browser mismatch **Why this occurs:** Magic links are tied to the specific web browser and device where they were requested. If you request a magic link on one device (like your work computer) but click the link on a different device (like your phone), ClearFeed detects this mismatch for security reasons. **Solution:** Request and use the magic link on the same browser and device. If you need to switch devices, request a new magic link on that device. ### 5. Duplicate ClearFeed Account Created on Login **What happens:** * You login to ClearFeed via any method. * Instead of joining an existing ClearFeed account, you are asked to [connect Slack again](/clearfeed-help-center/getting-started/signing-up-for-clearfeed.md). **Why this occurs:** ClearFeed accounts are linked to domains. If you login with an email id with a domain that isn't what was used to create your company's ClearFeed account, ClearFeed may create a new account for this domain and ask you to connect this new account to Slack. **Solution:** Logout and login with an email id that matches the company's domain. Alternatively ask your ClearFeed account administrator to [whitelist other domains on the account](/clearfeed-help-center/account-setup/manage-users.md) - which will allow users with email ids from those domains to also join the ClearFeed account. *** ## FAQs 1. **If I have multiple ClearFeed accounts, does enforcing sign-in work for all accounts?**\ **Answer:** No, enforcing sign-in is an individual account-level setting. If you have multiple accounts, users can still log in to other accounts using any of the login methods. However if SAML SSO is enabled for the [parent account](/clearfeed-help-center/account-setup/child-accounts.md) - it applies to all the associated [child accounts](/clearfeed-help-center/account-setup/child-accounts.md). Users of all the child accounts must also use SAML for login. 2. **What happens if a user tries to log in via a method other than the enforced one?**\ **Answer:** Users are shown an error message if they try to log in via another method. E.g. If an account has Google Sign-in enforced - and if a user tries to log in via the magic link. Upon clicking on the generated sign-in link in their email - they would see an error as shown below:
3. **What if I accidentally used the wrong email (e.g., personal Gmail) during Google login and now can't change it?**\ **Answer:** If you get stuck in the login flow because you previously used an incorrect email address (such as a personal Gmail instead of your company email), you can just logout and try to sign-in with the correct email id. ClearFeed may create a new account and ask you to connect it to Slack, which you can just ignore. 4. **I'm stuck on a spinning logo/login loop and can't reach the app, what should I try?**\ **Answer:** If the login page keeps loading forever or you get stuck in a loop after choosing a sign-in method: * First, confirm you are using an allowed sign-in method for your account (e.g., if Google authentication is enforced, only "Continue with Google" will work; magic link or other methods will fail). * Do a **hard refresh** of the login page (e.g., **Shift + Reload** on Chrome) to clear any stale session state. * Try an **Incognito/Private** window or a different browser (e.g., Safari/Edge) to rule out cached sessions. * Temporarily **disable browser extensions**, especially password managers or autofill tools (e.g., 1Password, LastPass), which can sometimes interfere with the ClearFeed login flow. * Avoid rapidly switching between different login methods in the same browser session; stick to the enforced/primary method. If the issue persists after these steps, please contact ClearFeed support and share your browser, OS, and the exact steps you followed. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.clearfeed.ai/clearfeed-help-center/account-setup/login-methods.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.