The Enterprise admin panel allows you to manage account-wide security settings.
There are currently three options in the Share restrictions dropdown:
- Unrestricted -Shares are not restricted to enterprise email domains (previously, this was when the toggle was in the OFF position).
- Restricted - Shares are always restricted to enterprise email domains (previously, this was when the toggle was in the ON position).
- Restricted Optional - Shares default to be restricted to enterprise email domains, but individual shares can set to be unrestricted.
Specifically, you can
- Restrict invites to prevent invites to users outside of your organization's domain(s)
- Whitelist email domains to allow invites to users outside of your organization’s domain(s)
- Restrict shares to prevent sharing of view or base share links with users outside of your domain(s)
- Whitelist email domains to allow users outside of your organization to access shared links
- Allow unrestricted access to password-protected share links and forms
- Add additional Enterprise admins
- Configure SSO for your organization’s domain
- Disable all apps by the community, unless explicitly allowed
- Disable development of custom code, unless explicitly allowed
If you wish to configure SSO for your organization, you will need your sign-in URL, x.509 Certificate, and your IdP metadata file. After you submit this information, Airtable enables SSO in "optional" mode which means users can still log in via their email/password combination. We recommend testing the SSO login flow a few times to make sure everything is configured correctly. Once you log in through SSO, you can then set SSO as the required form of login for all users on your account. This step will log all users out of Airtable, and they will have to authenticate via SSO moving forward.