Hey @MichaelJS!

In the abstract, there are three things I keep in mind when it comes to security and shared Form views.

1. Creating versus editing: Form views do not allow you to edit existing data within a base or table(s).
   They only facilitate the creation of new records.
   While it's technically possible for a malicious actor to spam the creation of new records, you could implement a few form design decisions that would discourage or impede someone's ability to spam record creation and buy you enough time to catch the "attack" before it resulted in the creation of additional dirty data.
2. Linked records: If your form exposes a linked record field, someone filling out the form would be able to see the primary field values of all of the linked records in the related table. In my opinion, this is the biggest risk. However, it's only really an issue if your linked records' primary field contains any PII or otherwise sensitive data.
3. Validation & Audits: There are a few nifty tricks that you can use to implement an automated validation and review process of submitted forms. This really just depends on your comfort level with Airtable as a whole, but it's definitely possible.

With those things in mind, you're not putting too much at risk if you do a bit of planning and document where the potential risks are for your specific usage.

Thanks, Ben. That's helpful. I'm looking into SSO as well, since the folks we want filling out the forms already have users accounts in our CRM.

You mentioned that you’re looking into SSO for your forms, but Airtable doesn’t offer SSO on their “external” public-facing forms.

Airtable offers SSO for login to your interfaces and bases, so your users would need to login to your base and/or interfaces as a collaborator, and then you could give them an “internal” form.

However, you can get SSO on “external” public-facing forms with Fillout’s advanced forms for Airtable.

Fillout lets you can create a login page for your form, which will give you these additional security options:

1. You can restrict the logins by SSO.
2. You can restrict the logins by email domain.
3. You can restrict the logins by password.
4. You can restrict logins based on a pre-approved list of email addresses that you have stored in your Airtable base.
5. You can verify & confirm that the user is typing in a valid email address.
6. You can limit form entries to one entry per person.

After the user logs in with their email address, that will let Fillout know who the user is and what the user’s email address is.

Then, you can use this email information to automatically prefill other fields on your form based on who logged into your form, and you can even use this email information to do other advanced tricks with Fillout.

For example, you could use Fillout’s filtering features to filter your linked record fields to only show the user the linked records that they are allowed to see, because those linked records are linked to their email address.

And Fillout offers lots of other advanced features for Airtable as well, such as the ability to:

• Update existing Airtable records using a form.
• Display Airtable lookup fields & Airtable attachment fields on forms.
• Create brand new linked records on a form, or edit existing linked records.
• Create PDF documents from form submissions, and then attach those PDF files to the Airtable record.

I show how to use a few of the advanced features of Fillout on these 2 Airtable podcast episodes:

• Using Fillout to update an Airtable record, and create an eSignature approval process with PDF file creation.
• Using Fillout to create an order entry form with line items.

Hope this helps!

If you’d like to hire the best Airtable consultant to help you with anything Airtable-related, please feel free to contact me through my website: Airtable consultant — ScottWorld