Skip to main content
Explore SAML SSO

Enterprise users can enforce standardized authentication for their organization πŸ”

Tyler Strand avatar
Written by Tyler Strand
Updated over 11 months ago

Who can access SAML SSO settings?
​

πŸ‘¨β€πŸ‘©β€πŸ‘§β€πŸ‘¦ Supported on any Enterprise Air plan

✏️ Anyone with admin access to the workspace

πŸ” Quick tip!

SAML SSO is only available for workspaces on an Enterprise plan. ​Contact Air's sales team to learn more.

Air provides Single Sign-On (SSO) functionality for enterprise customers to access the app through a single authentication source. This allows IT administrators to better manage team access and keeps information more secure.

Basics of SAML

SAML (Security Assertion Markup Language) is a standard that permits identity managers to safely pass authorization credentials to service providers like Air. In a SAML SSO set up, the Identity Provider (Azure, Okta, etc) manages the organization's user accounts and credentials. The Service Provider (Air) is the app or website that provides services to the user or organization.

When using SAML SSO, Air won't store passwords for any accounts managed by Single Sign On. Members log in to the organization via their identity provider.

How SAML works on Air

  1. User requests to log in to Air via SAML SSO

  2. Air sends a SAML request to the IdP associated with the user's workspace

  3. The IdP checks this user's credentials

  4. The IdP sends a response back to Air verifying the user's identity

  5. Air accepts the response and logs the user into their Air account

From Workspace Settings

As an admin workspace member, you're able to get your team started with SAML SSO. The functions here allow you to customize your team's Air workspace for added security.

Authentication settings

There are required and optional settings that allow for the setup of SAML SSO functions on Air. Authenticating your workspace with the provided custom ID/details will ensure your team can access Air seamlessly.

SAML metadata URL

This is a required field for establishing your SAML connection. The URL provided by your Identity Provider (IdP) is placed here to properly connect your Air workspace.

Enable SAML SSO

Once you're set up with your idP, use this setting to enable SAML SSO for your current and future workspace members. This will provide the option to log in with SAML for your workspace members.

Enforce SAML SSO

Choosing this feature after setting up and enabling SAML SSO for your workspace, workspace members with an approved email domain can only use SAML SSO to log in. Using this stops users from being able to log in to Air through Google SSO, Apple SSO or Air's login page.


Now that you're up to speed on Air's SAML SSO settings, you can configure SAML SSO between Air and your Identity Provider.

For full setup instructions, check out our SAML SSO Configuration Guide.
​

Still have more questions? Send us a message.

Did this answer your question?