The Enterprise admin panel allows you to manage account-wide security settings (like integrations, sharing, and more) as an Enterprise admin. This article covers each account-wide security setting and its available options.
IN THIS ARTICLE
InvitesShare restrictions and syncing
Integrations
Apps
Scripting
Enterprise admins
SSO configuration
Invites
The invites setting allows admins to prevent users from inviting other users from outside of your Enterprise domain. If you toggle this option on, the “Email domain allowlist” can be used to allow invites to users within specific external domains.
TIP
If you or your collaborators are having difficulties adding an external collaborator to a base or workspace, then have that external collaborator double-check that they have verified their email address with us as a first step.
Share restrictions and syncing
For the “Share restrictions” option, there are three options to choose from, each with separate options specific to them:
- Unrestricted
- Restricted
- Restricted Optional (Available by request)
Unrestricted
With this option, share links are publicly accessible by default but can be restricted on an individual basis.
Restricting access to a specific view share link within a base can be found in this support article. Information on restricting access to a specific base share link can be found here.
Restricted
With this option, admins can prevent users outside of your domain from accessing shared links. Additional options include:
- Email domain allowlist
- Allow unrestricted access to password-protected shares
- Allow unrestricted access to shared forms
- Allow syncing from shared views
Restricted optional
NOTE
If you do not see this option and would like to have it added, then please contact your CSM or Account Executive in order to gain access to this feature.With this option, shares are by default restricted to your domain. But, restrictions can be removed on individual shares. Additional options include:
- Email domain allowlist
- Keep existing shares unrestricted
- Allow syncing from shared views
Allowing syncing from shared views
This option enables you to Allow / Disable the ability for shared views to be synced to other bases.
Integrations
The “Disable all integrations in Automations and External Source Sync, unless explicitly allowed” setting provides the option to prevent usage of these features that communicate with external services unless explicitly allowed.
Each service can be allowed or denied through the allowlist.
Integration allowlist
The integration allowlist provides the option to Allow or Deny access to individual automations and External Source Syncs. This allowlist will appear if you toggle on the option to “Disable all integrations in Automations, unless explicitly allowed” and click the “edit” button. You can then “Allow” or “Deny” each automation integration.
Apps
The app settings described below provide controls over which Airtable Apps can be used in bases in your Enterprise.
Third party apps
Third party apps are those built and submitted to the Marketplace by third parties, and reviewed for security and functionality by Airtable. They do not include existing “Partner Apps” that Airtable has closely vetted.
There are three unique setting options to control which third party apps can be used:
- Allow all: allows all third party apps
- Allow without network access: disallow third party apps that send data to non-Airtable web servers, unless they’re added to the allowlist below
- Allow none: disallow all third party apps, unless they’re added to the allowlist below
When an app is disallowed in your Enterprise, users will still be able to see all apps in the marketplace and click “install,” but will be met with an error message instructing them to contact their administrator when they attempt to run the app.
NOTE
Starting on March 26, 2021 this will be set to “Allow without network access” by default. Existing Enterprise admins can select one of the other options to opt out of that default choice.
Third party apps allowlist
If you select “Allow without network access” or “Allow none”, you can see a list of all disallowed apps by clicking the “Edit” link next to “Apps allowlist”. You can individually allow specific apps by clicking “Allow”.
Scripting
There are a few options to be aware of when considering the availability of various scripting options for your organization.
Development of custom code
When this option is turned on, users will not be able to use Airtable features which enable the deployment of custom code into your Enterprise environment. This includes the scripting app, script templates, the scripting action within Automations, and custom apps. To enable this functionality for your Enterprise, please review to ensure this setting is not disabled.
If you do disable this feature for your Enterprise, you can optionally add specific users to an allowlist such that they can use these custom code features. This setting has been available via the Enterprise Admin Panel since March 2020. We recommend checking your Admin Panel settings to confirm that this setting is aligned with your security policies.
Developer allowlist
With this option, you can allow certain users that you manage to develop custom apps, write scripts, and install scripts from the marketplace. To do so, enter a user’s email address into the space provided, and click the “Allow” button.
Enterprise admins
The ability to add or remove admin privileges can be found in this section. For more information, visit the support article here.
SSO configuration
To learn more about configuring your domain’s SSO settings, view this article.