How to Connect Optimal SSO

Simple and clear instructions for setting up the AirMason app on Optimal

Written by Dave Kaplan
Updated over a week ago

Organization URL:

In this article, we'll be referencing this URL in a couple of places. You can figure out what your organization URL is by going to Manage Organization > Configuration

If you have a custom domain setup on AirMason, your Organization URL will be your custom domain (E.g.

Otherwise, your URL will be “<company-handle>”.

[<company-handle> is a placeholder for your company name (E.g.]

Setting up AirMason app on Optimal:

1) Follow this guide to create an integration on the Optimal cloud.

2) When creating an app, make sure to choose Manual Entry in Step 2 when asked how you would like to set up the Federation:

3. In Step 3, update the Issuer/Identity to be Optimal_SAML2_AirMason and the “SignIn EndPoint URL” field to “https://<Organization URL>/optimal/saml2.” Replace "<Organization URL>" in that link with your Organization URL. When asked underneath which Protocol for Federation you would like to use, select SAML2.

4) After your Optimal app is created, click Federation Advanced Settings > Modify Claims > Add Claim.

5) Input “First Name” into the “Claim Name” field. Next, select “RENAME_CLAIM_TYPE” in the Transformation Type dropdown. Then, type “firstName” into the “Transformation Details” field. It will convert the First Name field of the Optimal system to firstName, which helps Airmason receive that value.

6) Repeat step 5 for surname and email, inputting lastName and email, respectively, into the Transformation Details field.

Claim Name

Tranaformation Details

First Name






Note: After creating or updating claims, allow 5 minutes for Optimal to apply changes. Then log in using the new mapped attributes.

Connecting Optimal SSO app to AirMason:

  1. In “Application Manager”, click your Optimal app. Then select “Federation Advanced Settings”. Copy the following:
    1.1. “General” tab > “Issuer/URN”
    1.2. “Endpoints” tab > “IdPInitiated URL”

  2. In the “Endpoints” tab, open the “Metadata For App” link and copy the “X509Certificate” value

  3. Now, login to and go to the Integrations page

  4. Select "Optimal app" from SSO applications. Then click on "Connect" and set the following params:
    3.1. Issuer URL as Identity Provider Issuer value from Step 1.1
    3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2
    3.3. Certificate as X.509 Certificate value from Step 2

Testing Optimal SSO as employee:

  1. Go to your Organization URL. You will see a login page for viewing your handbooks

  2. Click on "Login with Optimal"

  3. If you're not already logged in, you will be prompted to do so using Optimal SSO credentials

  4. Once you log in, you will be brought back to AirMason where you will be able to view the handbooks you have access to (similar to what is shown below).

Did this answer your question?