Configuring SSO with Google

1. Open your Google Apps admin panel.

2. Click Apps, then Web and mobile apps.

3. Click Add app, then Add custom SAML app.

4. Enter your app’s name, description, and icon.

1. Click Download (IDP metadata) under Option 1.

   1. The IDP metadata file includes a certificate that is necessary when submitting your IDP metadata using the admin panel.

2. Click Continue.

1. Enter the Service Provider Details:

   1. ACS URL: https://airtable.com/auth/ssoCallback

   2. Entity ID: Provide ID

   3. Start URL: Leave blank

   4. Signed Response: leave unchecked

   5. Name ID: Basic Information; Primary Email

   6. Name ID Format: Email

Enter the following "Attribute Mapping" information:

1. Click Add mapping.

   1. "urn:oid:2.5.4.4" -> Basic Information; Last Name

   2. "urn:oid:2.5.4.42" -> Basic Information; First Name

2. Click Finish.

1. Submit your signin URL and x509 certificate, following the steps in Configuring SSO in the admin panel article.

In Airtable, our system expects Enterprise Scale accounts using shared domains—domains federated to multiple Enterprise accounts—to use the same SAML metadata for SSO. What this means is that if your company has existing Enterprise Scale accounts with SSO configured, you will need to coordinate with the admins (or IT department) of the other accounts to obtain the current sign-in URLs, x.509 certificates, and ensure that your users have the necessary access to the Airtable tenant present in your company’s identity provider.

You can configure separate tenants or identity providers for domains unique to Enterprise Scale accounts, as each domain can be configured with its own SAML metadata.