Who can access SAML SSO settings?
β
π¨βπ©βπ§βπ¦ Supported on any Enterprise
Air plan
βοΈ Anyone with admin access to the workspace
π Quick tip!
SAML SSO is only available for workspaces on an Enterprise plan. βContact Air's sales team to learn more.
Air provides Single Sign-On (SSO) functionality for enterprise customers to access the app through a single authentication source. This allows IT administrators to better manage team access and keeps information more secure.
Basics of SAML
SAML (Security Assertion Markup Language) is a standard that permits identity managers to safely pass authorization credentials to service providers like Air. In a SAML SSO set up, the Identity Provider (Azure, Okta, etc) manages the organization's user accounts and credentials. The Service Provider (Air) is the app or website that provides services to the user or organization.
When using SAML SSO, Air won't store passwords for any accounts managed by Single Sign On. Members log in to the organization via their identity provider.
How SAML works on Air
User requests to log in to Air via SAML SSO
Air sends a SAML request to the IdP associated with the user's workspace
The IdP checks this user's credentials
The IdP sends a response back to Air verifying the user's identity
Air accepts the response and logs the user into their Air account
From Workspace Settings
As an admin workspace member, you're able to get your team started with SAML SSO. The functions here allow you to customize your team's Air workspace for added security.
Authentication settings
There are required and optional settings that allow for the setup of SAML SSO functions on Air. Authenticating your workspace with the provided custom ID/details will ensure your team can access Air seamlessly.
SAML metadata URL
This is a required field for establishing your SAML connection. The URL provided by your Identity Provider (IdP) is placed here to properly connect your Air workspace.
Enable SAML SSO
Once you're set up with your idP, use this setting to enable SAML SSO for your current and future workspace members. This will provide the option to log in with SAML for your workspace members.
Enforce SAML SSO
Choosing this feature after setting up and enabling SAML SSO for your workspace, workspace members with an approved email domain can only use SAML SSO to log in. Using this stops users from being able to log in to Air through Google SSO, Apple SSO or Air's login page.
Now that you're up to speed on Air's SAML SSO settings, you can configure SAML SSO between Air and your Identity Provider.
For full setup instructions, check out our SAML SSO Configuration Guide.
β
Still have more questions? Send us a message.