SAML single sign-on and directory sync

Integrate with third-party identity providers.

SAML single sign-on (SSO)

To use SAML SSO, your team must be on the Enterprise plan.

Airplane supports SAML SSO, which allows you to manage your team members through a third-party identity provider such as Okta, OneLogin or Azure AD.

Configuring SAML SSO

To configure SAML SSO, go to the SAML single sign-on section of the members settings page, and click on the Configure SAML SSO... button. This will take you through a series of instructions to get SAML SSO set up with Airplane.

You need to be a team admin to configure this.

Using SAML SSO

Once SAML SSO is configured, users can sign in via SAML SSO by clicking on the Continue with SSO button on the main login page. Note that this requires the user to already be a member of your Airplane team.

SAML SSO also works with IdP-initiated SSO. Users can sign in to Airplane from e.g. their Okta dashboard. IdP-initiated SSO will provision a user on your team if the user doesn't already exist, without requiring an invite.

Recommendations

Directory sync

To use directory sync, your team must be on the Enterprise plan.

Airplane supports directory sync, which helps teams manage organization membership from a third-party identity provider like Okta. Once enabled, new users assigned access to Airplane will be automatically provisioned on your team, and selected groups will be pushed to Airplane and kept up to date.

Existing users and groups are only affected by directory sync once provisioned. In other words, an existing user or group will remain a member of your team if not assigned by directory sync, but will be removed from your team if they are assigned and then unassigned.
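The rule above means a member who was never assigned through directory sync is not removed when they are unassigned in the identity provider. The following is an added example, not Airplane's code or API: a small model of that rule that lists which members fall outside directory sync offboarding. The `Team` class, its method names and the event history are all constructed for illustration.

```python
"""Added example: models the directory sync membership rule described above.
All names and sample data are constructed; this is not Airplane's code or API."""
from dataclasses import dataclass, field


@dataclass
class Team:
    # member email -> True once directory sync has assigned (provisioned) them
    members: dict = field(default_factory=dict)

    def invite(self, email):
        """Member added manually, outside directory sync."""
        self.members.setdefault(email, False)

    def sync_assign(self, email):
        """IdP assigns the user: provisions them, or adopts an existing member."""
        self.members[email] = True

    def sync_unassign(self, email):
        """IdP unassigns the user: only previously assigned members are removed."""
        if self.members.get(email):
            del self.members[email]

    def unmanaged(self):
        """Members that unassignment in the IdP will not remove."""
        return sorted(e for e, synced in self.members.items() if not synced)


def replay(events):
    """Apply (action, email) events in order and return the resulting Team."""
    team = Team()
    actions = {"invite": team.invite, "sync_assign": team.sync_assign,
               "sync_unassign": team.sync_unassign}
    for action, email in events:
        actions[action](email)
    return team


# Constructed event history for illustration.
SAMPLE_EVENTS = [
    ("invite", "alice@example.com"),         # existing member, never assigned
    ("invite", "bob@example.com"),           # existing member ...
    ("sync_assign", "bob@example.com"),      # ... later assigned by directory sync
    ("sync_assign", "carol@example.com"),    # provisioned by directory sync
    ("sync_unassign", "alice@example.com"),  # no effect: alice was never assigned
    ("sync_unassign", "bob@example.com"),    # removed: assigned, then unassigned
]

if __name__ == "__main__":
    team = replay(SAMPLE_EVENTS)
    print("members:", sorted(team.members))
    print("outside directory sync offboarding:", team.unmanaged())
```

Members returned by `unmanaged()` need manual removal when they leave, or need to be assigned through directory sync first so that later unassignment takes effect.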

Configuring directory sync

To configure directory sync, go to the Directory sync section of the members settings page, and click on the Configure Directory sync... button. This will take you through a series of instructions to get directory sync set up with Airplane.

You need to be a team admin to configure this.

Recommendations

  • Once directory sync has synced your groups with Airplane, use groups to manage permissions across tasks and runbooks. This ensures new users get access to the right things without any manual configuration.