MENU
    Configuring SSO with Microsoft Entra ID
    • 24 Jul 2024
    • 1 Minute to read
    • Dark
    • PDF

    Configuring SSO with Microsoft Entra ID

    • Dark
    • PDF

    Article summary

    Setting up SSO for Microsoft Entra

    Learn how to set up SSO logins for your organization that uses Microsoft Entra (f.k.a. Azure AD).

    Note

    The content below may be outdated as Microsoft makes changes. In addition to reviewing our setup information, we recommend checking out Azure's Marketplace app page.

    Step 1

    1. From your home screen, click the menu in the top left corner.

    2. Select Azure Active Directory

    Step 2

    Click Enterprise applications 

    Step 3

    Click New application

    Step 4

    1. Search for and select "Airtable."  

    2. Click Add

    Step 5

    1. Click Set up single sign on

    1. Click SAML

    Note

    It's necessary to confirm that the identifier "Entity ID" field in your Azure SAML configuration is set as https://airtable.com/sso/metadata0418.xml. If the URL does not match, then this will prevent a valid SAML response.

    Step 6

    1. Click Download to the right of "Certificate (Base64)."

    1. Copy and paste the "LoginURL."

    Once complete, submit your "Login URL" and "SAML" signing certificate. Learn how to open .cer files in a text editor by following the steps in the Configuring SSO in the admin panel article

    After completing the above steps, you should be able to log in from https://airtable.com/sso/login.

    Troubleshooting

    If you encounter any issues or need additional assistance, please get in touch with us. You can also review the Azure Active Directory single sign-on (SSO) integration with Airtable tutorial

    FAQs

    If another team in my company already uses SSO with Airtable, how does this impact my Business or Enterprise Scale account?

    In Airtable, our system expects Enterprise Scale accounts using shared domains—domains federated to multiple Enterprise accounts—to use the same SAML metadata for SSO. What this means is that if your company has existing Enterprise Scale accounts with SSO configured, you will need to coordinate with the admins (or IT department) of the other accounts to obtain the current sign-in URLs, x.509 certificates, and ensure that your users have the necessary access to the Airtable tenant present in your company’s identity provider.

    You can configure separate tenants or identity providers for domains unique to Enterprise Scale accounts, as each domain can be configured with its own SAML metadata.


    Was this article helpful?