How to connect DUO SSO

Find out how to set up DUO SSO on AirMason

Judith avatar
Written by Judith
Updated over a week ago

Organization URL:

In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization > Configuration

If you've custom domain setup on AirMason
- then your Organization URL will be your custom domain (Eg:
- otherwise it will be<company-handle>, where <company-handle> is company handle that you've set up. (Eg:

Setting up AirMason app on DUO:

  1. Login to DUO and go to Applications and click on Protect an Application button

  2. Then search for “Generic Service Provider” and select Generic Service Provider - 2FA with SSO hosted by Duo (Single Sign-On) and click Protect

  3. Scroll Down to Service Provider section and set the following fields:
    3.1. Entity ID and Assertion Consumer Service (ACS) URL as https://<Organization URL>/duo/saml2 (replace <Organization URL> with your Organization URL)

  4. Go to SAML Response, set the following fields:

    4.1. NameID format to nameid-format:emailAddress

    4.2. NameID attribute to email address field

    4.3. Under Map attributes, add the following (case sensitive):

    4.3.1. Email address field to “email

    4.3.2. First name field to “firstName

    4.3.3. Last name field to “lastName

5. (Optional) Go to Single Sign On > Duo Central and add a new tile for this newly created application. This will allow users to go to AirMason when they’re navigating through DUO central.

Connecting DUO SSO app to AirMason:

  1. Under this newly created DUO application, copy the following:
    1.1. Metadata > Entity ID
    1.2. Metadata > Single Sign-On URL
    1.3. Downloads > Download Certificate, once the certificate is downloaded, open it in text editor application and copy the content of the file

  2. Now, login to and go to Integrations page

  3. Select DUO app from SSO applications and click on Connect and set the following params:
    3.1. Issuer URL as Entity ID value from Step 1.1.
    3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2.
    3.3. Certificate as downloaded Certificate content from Step 1.3.

Testing DUO SSO as an employee:

  1. Go to your Organization URL. It should show you login page for viewing your handbooks

  2. Click on "Login with DUO"

  3. It should take you to login using DUO SSO credentials (if you are not logged in)

  4. Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).

Did this answer your question?