BitLyft AIR® v1.24: Enterprise SSO and Google Workspace Enhancements
BitLyft AIR® v1.24 introduces enterprise SSO connection management and automatic user provisioning, along with expanded Google Workspace detection and response capabilities — improving onboarding, strengthening identity visibility, and enabling automated phishing response workflows.
Enterprise SSO Enhancements
SSO Connection Management
Administrators can now configure and manage SAML SSO connections directly within AIR, supporting all major identity providers including Okta, Google, Microsoft, and custom SAML configurations. Identity access configuration no longer requires a separate admin console.
Map SSO connections to specific email domains for automatic routing
Set default roles for users provisioned through each SSO connection
Manage all identity provider connections from a single location within AIR
Automatic User Provisioning
Users are now automatically provisioned when they sign in through a configured SSO connection. If a user's email domain matches an SSO configuration, AIR creates the account, assigns the appropriate role, and requires no manual setup.
How It Works
- 1User attempts to sign in via SSO
- 2AIR matches email domain to an SSO connection
- 3Account is created automatically with the configured role
- 4User is authenticated — no manual provisioning needed
Existing users can also transition to SSO-based authentication once a connection is configured.
New Google Workspace Security Policies
v1.24 adds new out-of-the-box detection coverage across Google Workspace administrative activity, application access, drive behavior, and authentication events — surfacing high-risk activity such as privilege changes, API access grants, data exfiltration patterns, and suspicious login behavior.
Administrative Activity
- Privilege escalation and admin role changes
- Security policy modifications
- Abnormal admin actions and potential impersonation
Application Access
- OAuth application grants and API access
- Third-party app connections to Workspace data
- Suspicious application permission changes
Drive Behavior
- Abnormal file sharing and external access grants
- Large-scale downloads and data exfiltration patterns
- Sensitive file exposure events
Authentication Events
- Suspicious login activity and impossible travel
- Failed authentication spikes
- Account compromise indicators
Google Workspace Phishing Containment Playbook
This SOC-ready automation playbook orchestrates a complete phishing response workflow in Google Workspace, reducing dwell time and standardizing response across affected accounts.
Quarantine Emails
Remove malicious messages from all affected inboxes org-wide
Remove Forwarding Rules
Detect and delete attacker-planted forwarding configurations that exfiltrate email
Reset Credentials
Force password reset and session revocation for compromised accounts
Summary
BitLyft AIR® v1.24 improves identity and access management through enterprise SSO while expanding Google Workspace detection and automated response capabilities. These enhancements support faster user onboarding, stronger visibility into cloud collaboration activity, and more consistent incident response across Google environments.
See BitLyft AIR® v1.24 in Action
Want to see how Google Workspace detections trigger automated response workflows in real time?
Schedule a 15-Minute Demo