Configuring SSO with Google

  • Updated on Jun 3, 2025
  • Published on Jul 7, 2022
  • 1 minute(s) read
Prev Next

Setting up SSO for Google prerequisites

Adding custom SAML apps is only available to super admins or users with admin accounts that include:

  • Apps > Web and mobile apps  > Manage SAML apps - Allows admins to create, configure, and delete custom SAML apps.

  • (Optional but recommended) User access management - Required to to assign apps to users or groups.

To confirm or create a custom role with the required permissions:

  1. Open your Google Admin console.

  2. Click Account.

  3. Click Admin roles.

Setting up SSO for Google

Step 1:

  1. Open your Google Admin console.

  2. Click Apps, then Web and mobile apps.

  3. Click Add app, then Add custom SAML app.

  4. Name your app.

    1. (Optional) upload the Airtable logo and add a description.

  5. Download the IdP metadata and note and copy the SSO URL/Sign-in page URL.

    1. This info is required for the admin panel at a later point.

Note

If you can't download the metadata, copy the following to set up SSI:

  • SSO URL/Sign-in page URL

  • Entity ID

  • Certificate (x509 cert)

Step 2:

Enter the following information in the corresponding fields:

  • ACS URL: https://airtable.com/auth/ssoCallback

  • Entity ID: https://airtable.com/sso/metadata0418.xml

  • Start URL: Leave blank

  • Signed Response: Leave unchecked

  • Name ID Format: Email

  • Name ID: Basic Information > Primary Email

Step 3:

  1. Click Add mapping and map these fields:

    1. App Attribute (SAML Attribute) > Google Directory Attribute

    2. urn:oid:2.5.4.4 > Basic Information > Last Name

    3. urn:oid:2.5.4.42 > Basic Information > First Name

  2. Submit your sign-in URL and x509 certificate, following the steps in Configuring SSO in the admin panel article.

FAQs

If another team in my company already uses SSO with Airtable, how does this impact my Business or Enterprise Scale account?

In Airtable, our system expects Enterprise Scale accounts using shared domains—domains federated to multiple Enterprise accounts—to use the same SAML metadata for SSO. What this means is that if your company has existing Enterprise Scale accounts with SSO configured, you will need to coordinate with the admins (or IT department) of the other accounts to obtain the current sign-in URLs, x.509 certificates, and ensure that your users have the necessary access to the Airtable tenant present in your company’s identity provider.

You can configure separate tenants or identity providers for domains unique to Enterprise Scale accounts, as each domain can be configured with its own SAML metadata.