To integrate Okta with AirMason, you need to be added as a collaborator on the account. If you don’t have access, contact the account owner or admin to grant you the required permissions for IT integration. For instructions on adding a new collaborator, refer to this guide.
Employee Portal URL:
In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization > Employee Portal
If you've custom domain setup on AirMason
- then your Employee Portal URL will be your custom domain (Eg: handbooks.johnsmithweb.com)
- otherwise it will be books.airmason.com/<company-handle>, where <company-handle> is company handle that you've set up. (Eg: books.airmason.com/johnsmith)
Setting up AirMason app on Okta:
Follow this guide for creating an integration on okta https://developer.okta.com/docs/guides/build-sso-integration/saml2/create-your-app/
While creating an app, make sure:
2.1. "Single sign on URL" and "Audience URI (SP Entity ID)" are set to https://<Employee Portal URL>/okta/saml2 (replace <Employee Portal URL> with your Employee Portal URL)
2.2. "Name ID format" is set to "EmailAddress"
2.3. Following "Attribute statements" are defined and mapped to correct values: (Note: This is case sensitive)
Connecting Okta SSO app to AirMason:
Under your newly created Okta app, go to “SignOn” tab and then click on “View Setup Instructions” and copy the following fields:
1.1. Identity Provider Issuer
1.2. Single Sign-On URL
1.3. X.509 CertificateNow, login to airmason.com and go to Integrations page
Select Okta app from SSO applications and click on Connect and set the following params:
3.1. Issuer URL as Identity Provider Issuer value from Step 1.1.
3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2.
3.3. Certificate as X.509 Certificate value from Step 1.3.
Testing Okta SSO as employee:
Go to your Employee Portal URL. It should show you login page for viewing your handbooks
Click on "Login with Okta"
It should take you to login using Okta SSO credentials (if you are not logged in)
Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).