Employee Portal URL:
This article refers to your Employee Portal URL in several places. You can find it under Manage Organization > Employee Portal.
If you have a custom domain set up on AirMason, your Employee Portal URL will be your custom domain (e.g. handbooks.johnsmithweb.com).
Otherwise, your URL will be “books.airmason.com/<company-handle>”.
Here, <company-handle> is a placeholder for your company name (e.g. books.airmason.com/johnsmith).
Setting up AirMason app on Optimal:
1) Follow this guide to create an integration on the Optimal cloud.
2) When creating an app, make sure to choose Manual Entry in Step 2 when asked how you would like to set up the Federation.
3) In Step 3, set the Issuer/Identity to Optimal_SAML2_AirMason and the “SignIn EndPoint URL” field to “https://<Employee Portal URL>/optimal/saml2”, replacing "<Employee Portal URL>" with your Employee Portal URL. When asked underneath which Protocol for Federation you would like to use, select SAML2.
4) After your Optimal app is created, click Federation Advanced Settings > Modify Claims > Add Claim.
5) Input “First Name” into the “Claim Name” field. Next, select “RENAME_CLAIM_TYPE” in the Transformation Type dropdown. Then, type “firstName” into the “Transformation Details” field. This renames the First Name field of the Optimal system to firstName, which is the name under which AirMason receives that value.
6) Repeat step 5 for surname and email, inputting lastName and email, respectively, into the Transformation Details field.
Claim Name | Transformation Details |
First Name | firstName |
Surname | lastName |
Note: After creating or updating claims, allow 5 minutes for Optimal to apply changes. Then log in using the new mapped attributes.
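One way to confirm the claim mapping from steps 5 and 6 after a test login, as an added example that is not AirMason's or Optimal's own code: decode the SAMLResponse form field from your own login and check it for the three renamed attributes. The sample response is constructed, and the idea that an unrenamed claim arrives under its Optimal name ("First Name", "Surname") is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Names from the "Transformation Details" values in steps 5 and 6.
REQUIRED = ("firstName", "lastName", "email")
# Assumption: an unrenamed claim keeps its Optimal "Claim Name".
UNRENAMED = ("First Name", "Surname")

# Constructed sample: Surname was left unrenamed, so lastName never arrives.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="Surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

def read_claims(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse field.

    Inspection only: the signature is NOT verified here.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one before parsing so that
    # entity declarations cannot be used for XML expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML response")
    root = ET.fromstring(xml_bytes)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_mapping(claims):
    """Return a list of problems; an empty list means all three claims arrived."""
    problems = []
    for name in REQUIRED:
        if not any(claims.get(name, [])):
            problems.append(f"missing or empty claim: {name}")
    for name in claims:
        if name in UNRENAMED:
            problems.append(f"claim not renamed: {name}")
    return problems

if __name__ == "__main__":
    for problem in check_mapping(read_claims(SAMPLE_B64)) or ["mapping OK"]:
        print(problem)
```

If a claim you just added is reported missing, wait out the 5-minute delay from the note above and log in again before changing the configuration.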
Connecting Optimal SSO app to AirMason:
1. In “Application Manager”, click your Optimal app. Then select “Federation Advanced Settings”. Copy the following:
1.1. “General” tab > “Issuer/URN”
1.2. “Endpoints” tab > “IdPInitiated URL”
2. In the “Endpoints” tab, open the “Metadata For App” link and copy the “X509Certificate” value.
3. Now, log in to airmason.com and go to the Integrations page. Select "Optimal app" from SSO applications. Then click on "Connect" and set the following parameters:
3.1. Issuer URL as Identity Provider Issuer value from Step 1.1
3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2
3.3. Certificate as X.509 Certificate value from Step 2
Testing Optimal SSO as employee:
Go to your Employee Portal URL. You will see a login page for viewing your handbooks.
Click on "Login with Optimal".
If you're not already logged in, you will be prompted to do so using Optimal SSO credentials.
Once you log in, you will be brought back to AirMason, where you will be able to view the handbooks you have access to.