Employee Portal URL:
This article references your Employee Portal URL in a couple of places. To find out what to use, go to Manage Organization > Employee Portal.
If you have a custom domain set up on AirMason
- then your Employee Portal URL will be your custom domain (e.g. handbooks.johnsmithweb.com)
- otherwise it will be books.airmason.com/<company-handle>, where <company-handle> is the company handle that you've set up (e.g. books.airmason.com/johnsmith)
Setting up the AirMason app on DUO:
1. Log in to DUO, go to Applications, and click the Protect an Application button.
2. Search for “Generic Service Provider”, select Generic Service Provider - 2FA with SSO hosted by Duo (Single Sign-On), and click Protect.
3. Scroll down to the Service Provider section and set the following fields:
3.1. Entity ID and Assertion Consumer Service (ACS) URL as https://<EmployeePortalURL>/duo/saml2 (replace <EmployeePortalURL> with your Employee Portal URL)
4. Go to SAML Response and set the following fields:
4.1. NameID format to nameid-format:emailAddress
4.2. NameID attribute to email address field
4.3. Under Map attributes, add the following (case sensitive):
4.3.1. Email address field to “email”
4.3.2. First name field to “firstName”
4.3.3. Last name field to “lastName”
5. (Optional) Go to Single Sign On > Duo Central and add a new tile for this newly created application. This will allow users to go to AirMason when they’re navigating through Duo Central.
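To confirm that steps 3.1 to 4.3 took effect, you can decode a SAML response captured during a test login and compare it with the values above. The Python sketch below is an added example, not AirMason or Duo code. It assumes the standard SAML 2.0 assertion layout (Audience carries the Entity ID, Recipient carries the ACS URL), and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstName", "lastName")  # case sensitive (step 4.3)

def sp_url(portal):
    """Entity ID / ACS URL from step 3.1 for an Employee Portal URL."""
    return "https://" + portal.strip("/") + "/duo/saml2"

def check_response(xml_text, portal):
    """List mismatches between a decoded SAML response and steps 3.1-4.3.
    Configuration check only: it does not verify the XML signature."""
    want, root, problems = sp_url(portal), ET.fromstring(xml_text), []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    elif not name_id.get("Format", "").endswith("nameid-format:emailAddress"):
        problems.append("NameID format is not nameid-format:emailAddress")
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != want:
        problems.append(f"Audience {audience!r} != Entity ID {want!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != want:
        problems.append(f"Recipient {recipient!r} != ACS URL {want!r}")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED:
        if name not in names:
            near = [n for n in names if n and n.lower() == name.lower()]
            hint = f" (found {near[0]!r}, wrong case)" if near else ""
            problems.append(f"attribute {name!r} missing{hint}")
    return problems

# Constructed sample: a decoded response with "FirstName" mis-cased in Duo.
URL = sp_url("books.airmason.com/johnsmith")
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      >jane@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{URL}"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{URL}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="email"/>
    <saml:Attribute Name="FirstName"/><saml:Attribute Name="lastName"/>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE, "books.airmason.com/johnsmith")))
```

An empty list means the response matches the Duo settings described above; each entry otherwise names the field to correct in the Duo application.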
Connecting the DUO SSO app to AirMason:
1. Under this newly created DUO application, copy the following:
1.1. Metadata > Entity ID
1.2. Metadata > Single Sign-On URL
1.3. Downloads > Download Certificate. Once the certificate is downloaded, open it in a text editor and copy the contents of the file.
2. Now, log in to airmason.com and go to the Integrations page.
3. Select the DUO app from SSO applications, click Connect, and set the following parameters:
3.1. Issuer URL as Entity ID value from Step 1.1.
3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2.
3.3. Certificate as downloaded Certificate content from Step 1.3.
Testing DUO SSO as an employee:
1. Go to your Employee Portal URL. It should show you the login page for viewing your handbooks.
2. Click on "Login with DUO".
3. It should take you to log in using your DUO SSO credentials (if you are not already logged in).
4. Once you log in, it should bring you back to AirMason, and you should be able to view the handbooks you have access to (similar to what is shown below).