Articles in this section
Articles in this section ▾
Setting up SSO in the enterprise admin panel
Configuring SSO with Okta
Configuring SSO with Google
Configuring SSO with OneLogin
Configuring SSO with Azure AD
Configuring SSO with ADFS
Okta provisioning configuration options - ELA only

Setting up SSO in the enterprise admin panel

This article is intended for Airtable admins looking to set up SSO for their teams. 

NOTE

SSO is a feature only available for Airtable Enterprise payment plans. If you are interested in inquiring about enterprise pricing, you can contact us here.

IN THIS ARTICLE

Prerequisite
Walkthrough
Troubleshooting tips

 

Prerequisite

Before adding your SSO metadata (sign-in URL and x509 certificate) via the admin panel, you need to first retrieve it from your SSO identity provider, following one of the following articles:

Walkthrough

  1. After retrieving your specific SSO metadata, go to the admin panel and click on the "settings" tab. There, you should see a section called "SSO configuration" under which you can add or edit SSO identity provider metadata for each of the email domains federated under your enterprise account:
    Settings_-_Airtable_6_29_14_PM.jpg
  2. Click "edit identity provider metadata" to edit the metadata of an identity provider. You can only do so when SSO is in optional mode, to prevent locking users out. You can toggle SSO between optional and required mode using the buttons "make SSO optional" and "require SSO and log out all sessions", respectively:

    Screen_Shot_2019-10-25_at_2.52.44_PM.png
    Settings_-_Airtable2.jpg

Troubleshooting tips

  • The NameID must be the user’s email address
  • The NameID format can be EmailAddress or unspecified
  • After editing your identity provider metadata, the changes may take up to 5 minutes to take effect.
  • You can only add identity provider metadata for email domains federated under your enterprise account.
  • We only allow one set of identity provider metadata per email domain, globally. This means that if another enterprise account has already provided identity provider metadata for one of your email domains, you will need to talk to the admins of that account if you want to change the metadata.
  • If you are trying to switch SSO from optional mode to required mode for your own email domain after editing the SSO identity provider metadata, we require that you verify that the metadata values you've provided are correct, by first logging out and logging back in using SSO.

Was this article helpful?

Related articles