Who can access SAML SSO settings? ​

👨‍👩‍👧‍👦 Supported on any <code>Enterprise</code> Air plan

✏️ Anyone with admin access to the workspace

SAML SSO is only available for workspaces on an Enterprise plan. ​<a href="https://air.inc/enterprise" rel="nofollow noopener noreferrer" target="_blank">Contact Air's sales team</a> to learn more.

Air provides Single Sign-On (SSO) functionality for enterprise customers to access the app through a single authentication source. This allows IT administrators to better manage team access and keeps information more secure.

SAML (Security Assertion Markup Language) is a standard that permits identity managers to safely pass authorization credentials to service providers like Air. In a SAML SSO set up, the Identity Provider (Azure, Okta, etc) manages the organization's user accounts and credentials. The Service Provider (Air) is the app or website that provides services to the user or organization.

When using SAML SSO, Air won't store passwords for any accounts managed by Single Sign On. Users log in to the organization via their identity provider.

User requests to log in to Air via SAML SSO

Air sends a SAML request to the IdP associated with the user's workspace

The IdP sends a response back to Air verifying the user's identity

Air accepts the response and logs the user into their Air account

1. User requests to log in to Air via SAML SSO
2. Air sends a SAML request to the IdP associated with the user's workspace
3. The IdP checks this user's credentials
4. The IdP sends a response back to Air verifying the user's identity
5. Air accepts the response and logs the user into their Air account

Users can start SAML sign-in from either URL:

<code>https://app.air.inc/saml-sso-login</code>

<code>https://api.air.inc/integrations/saml/login/{ORGANIZATION-WORKSPACE-ID}</code> (workspace-specific; redirects the user to the correct identity provider without requiring an email address to be entered twice)

- <code>https://app.air.inc/saml-sso-login</code>
- <code>https://api.air.inc/integrations/saml/login/{ORGANIZATION-WORKSPACE-ID}</code> (workspace-specific; redirects the user to the correct identity provider without requiring an email address to be entered twice)

As a user with the admin workspace role, you're able to get your team started with SAML SSO. The functions here allow you to customize your team's Air workspace for added security.

There are required and optional settings that allow for the setup of SAML SSO functions on Air. Authenticating your workspace with the provided custom ID/details will ensure your team can access Air seamlessly.

This is a required field for establishing your SAML connection. The URL provided by your Identity Provider (IdP) is placed here to properly connect your Air workspace.

Once you're set up with your IdP, you must verify your workspace email domain(s) before enabling SAML SSO. Only users with email addresses on verified domains can sign in with SAML. Existing approved domains are treated as verified. To verify a domain, use an email address from that domain.

After you enable SAML SSO, users with email addresses on verified domains can only use SAML SSO to sign in. This blocks sign-in through Google SSO, Apple SSO, and the Air login page.

___________________________________________________________

Now that you're up to speed on Air's SAML SSO settings, you can configure SAML SSO between Air and your Identity Provider.

For full setup instructions, check out our <a href="https://help.air.inc/en/articles/7051227-configuring-saml-sso">SAML SSO Configuration Guide</a>. ​

Still have more questions? <a href="mailto:help@air.inc" rel="nofollow noopener noreferrer" target="_blank">Send us a message</a>.

Enterprise users can enforce standardized authentication for their organization 🔐

Explore SAML SSO

Subscribe on YouTube

Read our G2 Reviews

Follow us on TikTok

Follow us on IG

Visit Air's website

Go to Air

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Explore SAML SSO

Basics of SAML

How SAML works on Air

SAML sign-in URLs

From Workspace Settings

Authentication settings

SAML metadata URL

Enable SAML SSO

Enforce SAML SSO