Air provides Single Sign-On (SSO) functionality for enterprise customers to access the app through a single authentication source. This allows IT administrators to better manage team access and keeps information more secure.

Note: SAML SSO is only available for workspaces on an Enterprise plan.
​Contact sales to learn more.

SAML (Security Assertion Markup Language) is a standard that permits identity managers to safely pass authorization credentials to service providers like Air. In a SAML SSO set up, the Identity Provider (Azure, Okta, etc) manages the organization's user accounts and credentials. The Service Provider (Air) is the app or website that provides services to the user or organization.

When using SAML SSO, Air won't store passwords for any accounts managed by Single Sign On. Members log in to the organization via their identity provider.

How authentication with SAML SSO works:

Note: SAML SSO is only available for workspaces on an Enterprise plan.
​Contact sales to learn more.

If you are an admin in an Enterprise workspace, you can configure SAML SSO between Air and your Identity Provider.

For full instructions, check out our SAML SSO Configuration Guide.

Once SAML SSO is configured and enabled on your workspace, members and guests of the workspace can login using the associated Identity Provider (assuming they have granted access within the IdP).

To login, navigate to https://app.air.inc/saml-sso-login.
​

Type the email address associated with your organization's domain. You will be prompted to login with your Identity Provider credentials and routed back to Air after successful authentication.
​

Unfortunately, we do not support "IdP-initiated authentication" at this time, so users cannot login directly from their Identity Provider's home page or application directory. They will need to navigate to https://app.air.inc/saml-sso-login and login directly.

Still have more questions? Send us a message.