Overview of SAML SSO

Enterprise users can enforce standardized authentication for their organization πŸ”

Tyler Strand avatar
Written by Tyler Strand
Updated over a week ago

Air provides Single Sign-On (SSO) functionality for enterprise customers to access the app through a single authentication source. This allows IT administrators to better manage team access and keeps information more secure.

Note: SAML SSO is only available for workspaces on an Enterprise plan.
​Contact sales to learn more.

Background

SAML (Security Assertion Markup Language) is a standard that permits identity managers to safely pass authorization credentials to service providers like Air. In a SAML SSO set up, the Identity Provider (Azure, Okta, etc) manages the organization's user accounts and credentials. The Service Provider (Air) is the app or website that provides services to the user or organization.

When using SAML SSO, Air won't store passwords for any accounts managed by Single Sign On. Members log in to the organization via their identity provider.

How authentication with SAML SSO works:

  1. User requests to log in to Air via SAML SSO

  2. Air sends a SAML request to the IdP associated with the user's workspace

  3. The IdP checks this user's credentials

  4. The IdP sends a response back to Air verifying the user's identity

  5. Air accepts the response and logs the user into their Air account

Note: SAML SSO is only available for workspaces on an Enterprise plan.
​Contact sales to learn more.

Configuring SAML SSO on your workspace

If you are an admin in an Enterprise workspace, you can configure SAML SSO between Air and your Identity Provider.

For full instructions, check out our SAML SSO Configuration Guide.

How to log in using SAML SSO

Once SAML SSO is configured and enabled on your workspace, members and guests of the workspace can login using the associated Identity Provider (assuming they have granted access within the IdP).

To login, navigate to https://app.air.inc/saml-sso-login.
​

Type the email address associated with your organization's domain. You will be prompted to login with your Identity Provider credentials and routed back to Air after successful authentication.
​

Logging in from your Identity Provider

Unfortunately, we do not support "IdP-initiated authentication" at this time, so users cannot login directly from their Identity Provider's home page or application directory. They will need to navigate to https://app.air.inc/saml-sso-login and login directly.

Still have more questions? Send us a message.

Did this answer your question?