The Enterprise admin panel allows you to manage account-wide security settings.
There are currently three options in the Share restrictions dropdown:
- Unrestricted - Shares are not restricted to enterprise email domains (previously, this was when the toggle was in the OFF position).
- Restricted - Shares are always restricted to enterprise email domains (previously, this was when the toggle was in the ON position).
- Restricted Optional - Shares default to be restricted to enterprise email domains, but individual shares can set to be unrestricted.
Specifically, you can
- Restrict invites to prevent invites to users outside of your organization's domain(s)
- Whitelist email domains to allow invites to users outside of your organization’s domain(s)
- Restrict shares to prevent sharing of view or base share links with users outside of your domain(s)
- Whitelist email domains to allow users outside of your organization to access shared links
- Allow unrestricted access to password-protected share links and forms
- Add additional Enterprise admins
- Configure SSO for your organization’s domain
- Disable all apps by the community, unless explicitly allowed
- Disable development of custom code, unless explicitly allowed
If you wish to configure SSO for your organization, you will need your sign-in URL, x.509 Certificate, and your IdP metadata file. After you submit this information, Airtable enables SSO in "optional" mode which means users can still log in via their email/password combination. We recommend testing the SSO login flow a few times to make sure everything is configured correctly. Once you log in through SSO, you can then set SSO as the required form of login for all users on your account. This step will log all users out of Airtable, and they will have to authenticate via SSO moving forward.
When turned on, Enterprise users will not be able to run apps built and submitted to the Marketplace by third parties. This will not include our existing “Partner Apps” that Airtable has closely vetted. Users will still be able to see all apps in the marketplace and click “install,” but will be met with an error message instructing them to contact their administrator when they attempt to run the app. This will be on by default (e.g. third-party apps disallowed) for enterprise SSO users, and off for other enterprises on September 14.
Development of custom code
When turned on, users will not be able to use Airtable features which enable the deployment of custom code into your Enterprise environment. This includes the scripting app, script templates, the scripting action within Automations, and custom apps. To enable this functionality for your Enterprise, please review ensure this setting is not disabled.
If you do disable this feature for your Enterprise, you can optionally add specific users to an allowlist such that they can use these custom code features. This setting has been available via the Enterprise Admin Panel since March, 2020. We recommend checking your Admin Panel settings to confirm that this setting is aligned with your security policies.