Set up Okta SAML SSO for Airspeed
Last updated: May 20, 2026
This guide describes how to set up Okta SAML SSO authentication for Airspeed.
Step 1: Create a SAML app in Okta
Log in to your Okta Admin account.
Click Admin.
Go to Applications → Applications → Create App Integration.
In the dialog:
Sign-in method: Select SAML 2.0
Click Next.
General Settings:
App name:
Airspeed(Optional) Upload the Airspeed logo
Click Next.
SAML Settings:
General:
Single sign-on URL (ACS URL):
https://saml-prod-8b78cf61bdc911eda56f3950b1ce3d93-eu-west-1.aws.supertokens.io/api/oauth/samlAudience URI (SP Entity ID):
https://saml.boxyhq.comName ID format:
EmailAddressApplication username:
Email
Attribute Statements:
Add the following Name and Value records:
id→user.idemail→user.emailfirstName→user.firstNamelastName→user.lastName
Group Attribute Statements:
Add a group filter so that groups starting with the prefix
Airspeed_are passed to Airspeed.Name:
groupsFilter:
Starts with→Airspeed_
Leave the rest as default unless instructed otherwise by your admin team.
Click Next.
Complete the Feedback page and click Finish.
In the Sign On tab for your new app, click View SAML setup instructions.
Copy the IDP metadata XML — you’ll need to send this to Airspeed.
Step 2: Configure Okta in Airspeed
Reach out to your Airspeed contact or to
support@glyphic.aiSend a message requesting to have Okta SAML SSO enabled
Send the IDP metadata XML from Okta: we'll need this to connect to your account
Airspeed will notify you once setup is complete
Step 3: (Optional) Assign Airspeed roles via Okta groups
If you create the following Okta groups and assign users to them, Airspeed will automatically map these to roles on the next user login:
Airspeed_Owners →
OWNER
Airspeed_Admins →
ADMINAirspeed_Users →
USERAirspeed_Viewers →
VIEWER
Role changes in Okta will be applied the next time the user logs in to Airspeed.
If you don't configure Airspeed role groups, new users will default to USER s
Step 4: Assign users in Okta
In Okta, open your new Airspeed app.
Go to the Assignments tab.
Assign the users and/or groups who should have access to Airspeed.
They can now log in via your Okta SSO page or the Airspeed login screen.
FAQ
How do users log in via SAML SSO?
Once the above setup is complete, users can go to the Airspeed login page, enter their work email address, and they will see a button to log in with SAML SSO.
Do users need to be invited from within Airspeed's User Management page?
No, if you have SAML SSO enabled, you do not need to manually invite users from within Airspeed. Any user who you have granted access to Airspeed within Okta will be able to log in, even if they have not been invited from within Airspeed.
Users who have been invited within Airspeed, but are not assigned access within Okta, will not be able to log in via SAML SSO.
Do I need to assign Airspeed roles via Okta groups?
If you do not configure Okta groups, any new user signing up for Airspeed via SAML SSO will be given the User role.
Does Airspeed support SCIM?
No, SCIM is not supported currently — Deleting or deactivating a user in Okta will prevent them from logging in to Airspeed, but you’ll still need to manually remove them in the Airspeed User Management Dashboard to fully delete their account.
Why do I see a 403 error when clicking the Airspeed tile in Okta?
The Okta tile tries IdP-initiated login, which is not supported as IdP flows are less secure (see this article for more info).
Airspeed's login page supports SP-initiated SAML login (the secure, recommended flow). Your users should navigate directly there to log in.
If you still want Okta homepage tile to direct users to Airspeed you can use this workaround:
Set the Airspeed SAML app tile as hidden in your Okta dashboard.
Create an Okta Bookmark App pointing to
https://app.goairspeed.com/authand show that tile to users instead.Assign users to both apps:
The SAML app enforces access and handles authentication.
The Bookmark app is just a dashboard link that launches Airspeed with SP-initiated SSO.