Organization URL:
This article refers to your Organization URL in a couple of places. To find out what to use, go to Manage Organization > Configuration.
If you have a custom domain set up on AirMason
- then your Organization URL is your custom domain (e.g. handbooks.johnsmithweb.com)
- otherwise it is books.airmason.com/<company-handle>, where <company-handle> is the company handle that you've set up (e.g. books.airmason.com/johnsmith)
Setting up AirMason app on G-Suite:
Log in to https://admin.google.com/ac/home using a Google admin account.
Then follow these steps to create a Google SAML app:
App details
Google Identity Provider details
Click continue
Service provider details
The ACS URL and the Entity ID are both https://<your Organization URL>/gg_sso/saml2
NAME ID should match the following image
Click continue
Attributes
Once the app is created, go to “User access” and select the employees you want to give access to.
Connecting G-Suite SSO app to AirMason:
1. Go to the G-Suite app and click the "DOWNLOAD METADATA" button.
1.1. Your browser URL should look something like this:
https://admin.google.com/u/1/ac/apps/saml/587527004653
In this example URL, 587527004653 is the AppID. Copy your AppID from your URL (you will use it later).
1.2. From the download metadata page, copy your Entity ID and Certificate.
1.3. From your Entity ID field, copy the idpid. If the Entity ID looks like https://accounts.google.com/o/saml2?idpid=C03e14v76 then C03e14v76 is the idpid.
2. Now log in to airmason.com and go to the Integrations page.
3. Select the GSuite app from SSO applications, click Connect, and set the following parameters:
3.1. Issuer URL as the Entity ID value from step 1.2.
3.2. Certificate as the Certificate value from step 1.2.
3.3. SAML 2.0 Endpoint as https://accounts.google.com/o/saml2/initsso?idpid=<idpid>&spid=<AppID>&forceauthn=false (replace <AppID> with your AppID value from step 1.1 and <idpid> with your app's idpid from step 1.3). Your final URL should look something like this:
https://accounts.google.com/o/saml2/initsso?idpid=C03e14v76&spid=857390449774&forceauthn=false
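The derivation in steps 1.1 to 3.3 can be scripted so that the values pasted into AirMason are checked rather than hand-copied. The following is an added example, not code from AirMason or Google: the function names are hypothetical, the metadata sample is constructed (its certificate is placeholder bytes), and it assumes the downloaded file follows the standard SAML 2.0 metadata layout.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: the "certificate" is placeholder bytes, not a real X.509 certificate.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C03e14v76">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idpid_from_entity_id(entity_id):
    """Step 1.3: pull idpid out of the Entity ID, rejecting anything not on Google's IdP host."""
    u = urlsplit(entity_id)
    if (u.scheme, u.hostname, u.path) != ("https", "accounts.google.com", "/o/saml2"):
        raise ValueError(f"unexpected Entity ID: {entity_id!r}")
    values = parse_qs(u.query).get("idpid", [])
    if len(values) != 1:
        raise ValueError("Entity ID must carry exactly one idpid")
    return values[0]

def app_id_from_admin_url(admin_url):
    """Step 1.1: the AppID is the numeric last path segment of the admin console URL."""
    u = urlsplit(admin_url.strip())
    m = re.search(r"/ac/apps/saml/(\d+)/?$", u.path)
    if u.hostname != "admin.google.com" or not m:
        raise ValueError(f"not a SAML app URL: {admin_url!r}")
    return m.group(1)

def airmason_sso_params(metadata_xml, admin_url):
    """Return the three values entered in step 3, plus a fingerprint for out-of-band comparison."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID", "")
    cert = "".join(root.findtext(".//ds:X509Certificate", "", NS).split())
    der = base64.b64decode(cert, validate=True)  # raises on a truncated or mangled paste
    if not der:
        raise ValueError("metadata has no signing certificate")
    query = urlencode({"idpid": idpid_from_entity_id(entity_id),
                       "spid": app_id_from_admin_url(admin_url), "forceauthn": "false"})
    return {"issuer_url": entity_id, "certificate": cert,
            "saml_endpoint": f"https://accounts.google.com/o/saml2/initsso?{query}",
            "cert_sha256": hashlib.sha256(der).hexdigest()}
```

The SHA-256 value is computed over the decoded certificate bytes, so it can be compared with the fingerprint of the certificate shown in the Google admin console before the certificate is trusted in AirMason.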
Testing GSuite SSO as employee:
Go to your Organization URL. It should show you the login page for viewing your handbooks.
Click on "Login with Google SSO".
It should take you to log in using your Google SSO credentials (if you are not already logged in).
Once you log in, it should bring you back to AirMason and you should be able to view the handbooks you have access to (similar to what is shown below).