In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization > Configuration
If you've custom domain setup on AirMason
- then your Organization URL will be your custom domain (Eg: handbooks.johnsmithweb.com)
- otherwise it will be books.airmason.com/<company-handle>, where <company-handle> is company handle that you've set up. (Eg: books.airmason.com/johnsmith)
Setting up AirMason app on OneLogin:
Login to OneLogin and go to Applications and click on Add App button
Then search for “saml test connector” and select SAML Test Connector (Advanced) and click Save
Then go to Configuration and set
3.1. ACS (Consumer) URL as https://<Organization URL>/onelogin/saml2 (replace <Organization URL> with your Organization URL)
3.2. For ACS (Consumer) URL Validator, go to this site and paste your ACS URL from above step and click on Escape, then set this field as ^<Escaped Value>$ (replace <Escaped Value> with your escaped value) (This field should look like this, eg: ^https:\/\/handbooks.johnsmithweb.com\/onelogin\/saml2$, ^https:\/\/books.airmason.com\/johnsmith\/onelogin\/saml2$)
Go to Rules and set
4.1. NameID value as Email
4.2. And add 3 custom parameters (case sensitive) as shown below. Make sure Include in SAML assertion is checked while adding these parameters.
Connecting OneLogin SSO app to AirMason:
Under your newly created Idaptive app, go to SSO page and copy the following:
1.1. Issuer URL
1.2. SAML 2.0 Endpoint (HTTP)
1.3. X.509 Certificate by clicking on View Details provided under X.509 Certificate
Now, login to airmason.com and go to Integrations page
Select OneLogin app from SSO applications and click on Connect and set the following params:
3.1. Issuer URL as Issuer URL value from Step 1.1.
3.2. SAML 2.0 Endpoint as SAML 2.0 Endpoint (HTTP) value from Step 1.2.
3.3. Certificate as X.509 Certificate value from Step 1.3.
Testing OneLogin SSO as employee:
Go to your Organization URL. It should show you login page for viewing your handbooks
Click on "Login with OneLogin"
It should take you to login using OneLogin SSO credentials (if you are not logged in)
Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).