To integrate Ping Identity with AirMason, you need to be added as a collaborator on the account. If you don’t have access, contact the account owner or admin to grant you the required permissions for IT integration. For instructions on adding a new collaborator, refer to this guide.
Employee Portal URL:
In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization > Employee Portal
If you've custom domain setup on AirMason
- then your Employee Portal URL will be your custom domain (Eg: handbooks.johnsmithweb.com)
- otherwise it will be books.airmason.com/<company-handle>, where <company-handle> is company handle that you've set up. (Eg: books.airmason.com/johnsmith)
Setting up AirMason app on Ping Identity:
1. Head to Settings.
2. Open the Authentication tab.
3. Click the toggle next to Turn on SSO Login.
4. Add a name to the Company field. (Warning: Do not use spaces or capital letters in the company name field.)
5. Open your PingIdentity admin panel.
6. Head to the Connections tab and open the Applications view.
7. Click the Plus icon to create a new application.
8. Name your application. Ex: "AirMason"
9. Scroll down and select SAML Application.
10. Click Configure and select the option to Manually Enter configuration information.
Tip: Set up involves copying data from one service to another, so working in two windows side-by-side can help accelerate the process.
11. Copy and paste the following for the ACS and Entity ID to be
https://{{employe portal}}//pingone/saml2
Note: the employee portal can be found using step A above
12. Click on the Attributes Mappings and add the following attributes to match:
Application Attribute | PingOne |
saml_subject | Email Address |
Email Address | |
firstName | Given Name |
lastName | Family Name |
13. Click save
Setting up PingIdentity on AirMason
Saml 2.0 endpoint
1. Open the Configuration tab in PingIdentity.
2. Copy the Single Sign on Service URL.
3. Paste the URL to the Service URL field on the Saml 2.0 endpoint in AirMason
Issuer URL
4 Go back to PingIdentity and copy the IDP Metadata URL.
18. Paste the URL on the Issuer URL on AirMason
Certificate
19. Return to PingIdentity and Enable the Application using the toggle in the window's top right corner.
32. Click Download Signing Certificate and select the .crt option.
Tip: Your certificate may not be ready for download right away. If nothing happens, wait 20 seconds and try again.
33. Open the downloaded certificate using your preferred .txt editor (e.g., Notepad or TextEdit).
34. Copy the Public Key.
35. Paste the key into the Public Key field in to the Certificate x.509 certificate
36. Click Done on AirMason
Testing Ping Identity SSO as employee:
Go to your Employee Portal URL. It should show you login page for viewing your handbooks
Click on "Login with Ping Identity"
It should take you to login using Ping Identity SSO credentials (if you are not logged in)
Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).
