Settings - Airtable Enterprise Admin Panel
- 27 Apr 2023
- 8 Minutes to read
- Print
- DarkLight
Settings - Airtable Enterprise Admin Panel
- Updated on 27 Apr 2023
- 8 Minutes to read
- Print
- DarkLight
Article Summary
The Settings page of the Admin Panel offers admins 3 main areas of global control over their organization’s Airtable account; Sharing & Access, extension & integrations, and SSO & Authentication. The controls in this section help to ensure the right mix of open creation and collaboration in Airtable to match your organization’s security protocols.
Overview
The Settings page can be accessed by clicking on the Settings option in the navigation sidebar of the Admin Panel. This will open up a page with three tabs of settings options. Clicking each tab will open up the corresponding options.
Sharing & Access
Invite restrictions
This setting allows admins to prevent users from inviting other users from outside of your Enterprise domain.
If you toggle this option on, the “Email domain allowlist” option will appear. To allow a new external domain, click the collapsed down arrow so that it appears up and enter the domain (ex. airtable.com). To remove a previously allowed domain from the list, simply click the “x” icon next to that domain.
NOTEIf you or your collaborators are having difficulties adding an external collaborator to a base or workspace, then have that collaborator double-check that they have verified their email address with us as a first step.
Share link restrictions
The “Share link restrictions” section allows admins to set who can access share links across your organization. Individual share link restrictions can also be set within the base UI. This setting can be adjusted by clicking the “Edit” button. There are three options to choose from, each with separate options specific to them:
- Unrestricted
- Restricted
- Restricted Optional
Unrestricted
With this option, share links are unrestricted in the global settings, but can still be restricted on an individual link basis.
Restricted
With this option, admins can prevent users outside of your domain from accessing shared links. Additional options include:
- Email domain allowlist
- Allow unrestricted access to password-protected shares
- Allow unrestricted access to shared forms
If any share link has email domain restrictions or password enabled or an Enterprise admin has turned on 'Restricted' share link settings, then iCal integration links will cease to sync since the iCal link is no longer able to authenticate.
NOTE
Restricted Optional
With this option, by default, share links are restricted to your organization's email domain. However, restrictions can be removed on individual share links. Additional options include:
- Email domain allowlist
- Keep existing shares unrestricted - Note that this option will only appear if your organization changes from “Unrestricted” share links to the “Restricted Optional” setting.
Synced view restrictions
The Synced view restrictions section gives admins control over synced shared views with other bases. Admins can choose between:
- Unrestricted - The Unrestricted option continues to operate as it has in the past. Any base, within or outside your organization, can receive synced data from syncable share view links within your organization.
- Restricted to your organization- The Restricted option allows users to set up syncs between existing bases within their organization, while bases outside their organization aren't able to receive syncs.
- The share view configuration defaults to restricting syncs within your organization but can be disabled on a share-view-by-share-view basis. Admins can also decide who can disable restrictions for views and can choose from no one, creators, and admins or admins only.
- With this setting enabled—and because individual share views are controlled separately—existing syncs outside your organization will continue to function.
- Sync Off - The Sync Off option is the most restrictive and prevents all shared views from syncing to any destination base.
This list includes all synced tables that can sync data from your organization, regardless of whether a sync is active. Admins can also click the “View non-restricted share links” button to view, sort, filter, and download share links enabling sync outside their organization. The three columns are calculated as follows:
- Syncs: The total number of synced tables created from this shared view (internal and external).
- External Syncs to Airtable: The total number of synced tables created based on the shared view inside the Airtable corporate account—data that is likely being shared with you as an Airtable employee. These tables are sometimes created during onboarding and service engagements or used to share information related to joint account planning between the customer and the Airtable employee.
- Other External Syncs: The total number of synced tables created—based on this shared view—that aren't part of your organization or part of the Airtable corporate account. Admins may want to keep some of the included data within their organization. If so, shared view links should be turned off but keep in mind that some desirable external syncs can be counted in this number, including:
- Syncs with external consultants or vendors.
- Syncs with other organizations under the same corporate entity (e.g., Division A and B, both of which are in Omnicorp Inc.)
The Restricted to <your organization> by default option prevents bases — outside your organization — from being sync targets by default.
Please keep in mind that when syncs are not restricted to the organization, enterprise users will be able to sync data into bases that are not part of the organization.
Restrict user group creation to admins only
The next option under the Sharing category has to do with user groups. Toggling this option on means that only admins can create user groups so that users without admin privileges will be unable to create or modify user groups.
Restrict access to Airtable to specific IP ranges
Note
Keep in mind that the Restrict access to Airtable to specific IP ranges option isn't available for all enterprises, so contact your CSM for details.
The final option in the Sharing category lets admins set IP range restrictions to prevent users from accessing Airtable unless they are logged into Airtable from an allowed device and/or network. Currently, only IPv4 protocol is supported.
Extensions, Integrations & Sync
Extensions
There are two categories of extensions in this section of the Settings page: extensions by Airtable and Airtable partners and third party extensions. Extensions by Airtable and Airtable partners are either created by Airtable or closely vetted extensions that we have worked with reputable organizations on building and implementing. Third-party extensions are those built and submitted to the Marketplace by third parties and reviewed for security and functionality by Airtable. They do not include the “Partner extensions” that Airtable has closely vetted. There are three options in either of these categories that allow Admins to control which extensions can be used:
- Allow all - Allows users to access and use all third party extensions.
- Deny extensions that access non-Airtable servers - Disallows third-party extensions that send data to non-Airtable web servers.
- Deny all - Disallows all extensions.
As of March 26, 2021 this setting will default to the “Deny extensions that access non‑Airtable servers” option. Enterprise admins can select one of the other options to opt-out of that default choice.
NOTE
When an extension is disallowed in your Enterprise, users will still be able to see all extensions in the marketplace and click “install,” but will be met with an error message instructing them to contact their administrator when they attempt to run the extension.
Disable development of custom code, unless explicitly allowed
When this option is turned on, users will not be able to interact with Airtable features that enable the deployment of custom code into your Enterprise environment unless they are explicitly allowed. This includes the scripting extension, script templates, the Run a script action within Automations, as well as custom extensions. To enable this functionality for your entire Enterprise, keep this option toggled off.
If an admin does disable this feature for your Enterprise, you can optionally add specific users to an allowlist such that they can use these custom code features. To do so, enter a user’s email address into the space provided, and click the “Allow” button. Users previously added to the allowlist can be removed by clicking on the “x” next to their email address. This setting has been available via the Enterprise Admin Panel since March 2020. We recommend checking your Admin Panel settings to confirm that this setting is aligned with your security policies.NOTE
Disable all integrations in Automations and External Source Sync, unless explicitly allowed
This setting provides the option to prevent usage of these features where they may communicate with external services (outside of Airtable) unless explicitly allowed.
An allowlist option will appear if you toggle on the option on. You can then allow or deny each service based upon your organization’s security practices.
At the bottom of the allowlist, admins will find the option to disable or enable all integrations.
Lastly, integrations that require additional configuration will appear below the allow/deny list. Currently, we only the Jira Server / Data Center integration requires this additional configuration, but we will likely add more sync integrations over time that require this configuration.
Disable API access for all third-party integrations, unless explicitly allowed
This setting allows you to manage access to third-party integrations across your entire organization.
- If this setting is Off, third-party integrations can be allowed by users.
- If this setting is On, third-party integrations are not allowed by users, unless explicitly allowed via the allowlist.
In addition to this admin panel section, you can also manage the third-party integrations already authorized by your users and service accounts:
Note
Enable link previews when an Airtable URL is pasted in Slack
Turning this setting on allows URLs to bases and workspaces in this enterprise to be previewed by authenticated users in Slack via our Airtable link preview in Slack feature. Additionally, the "Allow previews to reveal record data" subsetting allows Slack previews to display record data. When this option is toggled off, a preview will still be generated, but will not contain specific information held in cells.
Security & Authentication
Note
As an admin, you can choose to make SSO either optional or required for each of your federated domains. If you make SSO optional, users can use SSO or log in with their regular username and password. If you make SSO required, all users in the federated domain will have to use SSO to log in to Airtable. Required SSO allows you to manage access to Airtable and ensures that your users use the most suitable authentication method.
To learn more about configuring your organization’s SSO settings, please visit this support article.
Organization Profile
The Organization Profile tab of Admin Panel allows users to manage their company logo and to add a custom contact admin message.
- To manage your company logo, click Update logo.
- To set a custom Contact admin message, click Edit.
- This allows you to customize the message when Airtable asks users in your organization to contact their admin and select your preferred contact method.
Was this article helpful?