In this article, we refer to your Organization URL in a couple of places. You can find the value to use under Manage Organization > Configuration.
If you have a custom domain set up on AirMason
- then your Organization URL is your custom domain (e.g. handbooks.johnsmithweb.com)
- otherwise it is books.airmason.com/<company-handle>, where <company-handle> is the company handle that you have set up (e.g. books.airmason.com/johnsmith)
Setting up AirMason app on Okta:
1. Follow this guide for creating an integration on Okta: https://developer.okta.com/docs/guides/build-sso-integration/saml2/create-your-app/
2. While creating the app, make sure that:
2.1. "Single sign on URL" and "Audience URI (SP Entity ID)" are both set to https://<Organization URL>/okta/saml2 (replace <Organization URL> with your Organization URL)
2.2. "Name ID format" is set to "EmailAddress"
2.3. The following "Attribute statements" are defined and mapped to the correct values (note: these are case sensitive):
Connecting Okta SSO app to AirMason:
1. Under your newly created Okta app, go to the “SignOn” tab, click “View Setup Instructions”, and copy the following fields:
1.1. Identity Provider Issuer
1.2. Single Sign-On URL
1.3. X.509 Certificate
2. Now log in to airmason.com and go to the Integrations page.
3. Select the Okta app from the SSO applications, click Connect, and set the following parameters:
3.1. Issuer URL: the Identity Provider Issuer value from Step 1.1.
3.2. SAML 2.0 Endpoint: the Single Sign-On URL value from Step 1.2.
3.3. Certificate: the X.509 Certificate value from Step 1.3.
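A pre-flight check for the values used in the steps above, as an added example that is not AirMason or Okta code: it builds the URL for Step 2.1 from the Organization URL and catches a truncated or badly pasted certificate before the values are saved. The function names, the sample issuer, endpoint and certificate bytes are constructed for illustration, and the https requirement on the endpoint is an assumption.

```python
import base64, binascii, hashlib, re, textwrap
from urllib.parse import urlsplit

def sp_url(organization_url):
    """Value for "Single sign on URL" and "Audience URI (SP Entity ID)"."""
    host_path = re.sub(r"^https?://", "", organization_url.strip()).rstrip("/")
    if not host_path or " " in host_path:
        raise ValueError("empty or malformed Organization URL")
    return f"https://{host_path}/okta/saml2"

def pem_to_der(pem):
    """Decode one PEM certificate; reject bad armor, bad base64, truncated DER."""
    m = re.fullmatch(r"\s*-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----\s*", pem, re.S)
    if not m:
        raise ValueError("missing BEGIN/END CERTIFICATE lines")
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64 ({exc})")
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] >= 0x80 else 0  # number of long-form length bytes
    length = int.from_bytes(der[2:2 + n], "big") if der[1] >= 0x80 else der[1]
    if 2 + n + length != len(der):
        raise ValueError("DER length mismatch (truncated or padded paste)")
    return der

def preflight(organization_url, issuer, sso_url, cert_pem):
    """Check the values from Steps 1.1-1.3; return (problems, summary)."""
    problems = []
    for name, value in (("Issuer URL", issuer), ("SAML 2.0 Endpoint", sso_url)):
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has surrounding whitespace")
    if urlsplit(sso_url.strip()).scheme != "https":
        problems.append("SAML 2.0 Endpoint: expected an https URL")
    summary = {"sp_url": sp_url(organization_url)}
    try:  # fingerprint to compare with the certificate shown in Okta
        summary["cert_sha256"] = hashlib.sha256(pem_to_der(cert_pem)).hexdigest()
    except ValueError as exc:
        problems.append(f"Certificate: {exc}")
    return problems, summary

# Constructed sample values (not a real certificate, issuer or endpoint).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
              + "\n-----END CERTIFICATE-----\n")
if __name__ == "__main__":
    print(preflight("books.airmason.com/johnsmith", "http://www.okta.com/exkEXAMPLE",
                    "https://example.okta.com/app/example/exkEXAMPLE/sso/saml", SAMPLE_PEM))
```

The structural check only confirms that the paste is complete; it does not validate the certificate's signature or expiry.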
Testing Okta SSO as employee:
1. Go to your Organization URL. It should show you the login page for viewing your handbooks.
2. Click on "Login with Okta".
3. It should take you to log in using your Okta SSO credentials (if you are not already logged in).
4. Once you log in, it should bring you back to AirMason, and you should be able to view the handbooks you have access to (similar to what is shown below).