Skip to main content
How to connect DUO SSO

Find out how to set up DUO SSO on AirMason

Judith avatar
Written by Judith
Updated this week

To integrate DUO with AirMason, you need to be added as a collaborator on the account. If you don’t have access, contact the account owner or admin to grant you the required permissions for IT integration. For instructions on adding a new collaborator, refer to this guide.

Employee Portal URL:

In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization > Employee Portal

If you've custom domain setup on AirMason
- then your Employee Portal URL will be your custom domain (Eg: handbooks.johnsmithweb.com)
- otherwise it will be books.airmason.com/<company-handle>, where <company-handle> is company handle that you've set up. (Eg: books.airmason.com/johnsmith)


Setting up AirMason app on DUO:

  1. Login to DUO and go to Applications and click on Protect an Application button

  2. Then search for “Generic Service Provider” and select Generic Service Provider - 2FA with SSO hosted by Duo (Single Sign-On) and click Protect

  3. Scroll Down to Service Provider section and set the following fields:
    3.1. Entity ID and Assertion Consumer Service (ACS) URL as https://<EmployeePortalURL>/duo/saml2 (replace <Employee Portal URL> with your Employee Portal URL)

  4. Go to SAML Response, set the following fields:

    4.1. NameID format to nameid-format:emailAddress

    4.2. NameID attribute to email address field

    4.3. Under Map attributes, add the following (case sensitive):

    4.3.1. Email address field to “email

    4.3.2. First name field to “firstName

    4.3.3. Last name field to “lastName

5. (Optional) Go to Single Sign On > Duo Central and add a new tile for this newly created application. This will allow users to go to AirMason when they’re navigating through DUO central.


Connecting DUO SSO app to AirMason:

  1. Under this newly created DUO application, copy the following:
    1.1. Metadata > Entity ID
    1.2. Metadata > Single Sign-On URL
    1.3. Downloads > Download Certificate, once the certificate is downloaded, open it in text editor application and copy the content of the file

  2. Now, login to airmason.com and go to Integrations page

  3. Select DUO app from SSO applications and click on Connect and set the following params:
    3.1. Issuer URL as Entity ID value from Step 1.1.
    3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2.
    3.3. Certificate as downloaded Certificate content from Step 1.3.


Testing DUO SSO as an employee:

  1. Go to your Employee Portal URL. It should show you login page for viewing your handbooks

  2. Click on "Login with DUO"

  3. It should take you to login using DUO SSO credentials (if you are not logged in)

  4. Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).

Did this answer your question?