HelloID

ControlUp SAML application setup

Follow these instructions to set up the ControlUp SAML application in HelloID. The configuration takes place in HelloID and in the ControlUp admin center.

Requirements
  • HelloID environment

  • ControlUp environment

Step 1: Create or import a certificate

If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID admin portal; see Certificates settings.

For this tutorial, we will use a self-signed certificate. Learn more about certificates here.

  1. Go to Settings > Certificates.

  2. Click Create Self-Signed Certificate.

  3. Set the following fields:

    1. Name Of Certificate: ControlUpSelfSigned

    2. Common Name (Domain): <yourcustomerid>.helloid.com

    3. All other fields: set according to your organization's requirements.

  4. Click Save.

Step 2: Add the application
  1. Go to Applications > Applications.

  2. Click Open Application Catalog.

  3. Search for the ControlUp SAML template, and click Add.

Step 3: Application setup
  1. On the General tab, set the following field:

    Default Login URL

    Set the default login URL to the ControlUp environment SSO URL, replacing {customername} with your company name. Optionally, you may also add a description.

  2. Click Next.

  3. On the Single Sign On tab, set the following fields:

    Endpoint URL

    This field is already filled in. You only need to change it if the app should connect to a different ControlUp environment (for example, a test or acceptance environment). To check this in ControlUp, sign in to your ControlUp environment and go to Settings > SAML Single Sign On > Endpoint/Assertion Login URL. Use the value from your ControlUp environment if it is different.

    X509 Certificate

    From the drop-down, select the previously created or imported certificate.

    Extra audience

    This field is prefilled with the default relying party trust identifier from ControlUp: urn:controlup:prod. To check this in ControlUp, sign in to your ControlUp environment and go to Settings > SAML Single Sign On > Relying Party Trust Identifier. Use the value from your ControlUp environment if it is different.

  4. Click Next.

  5. On the Self Service tab, choose whether to generate a product (see Products) for users to request this application. If you do, select the Group that will be linked to the product.

  6. Click Next.

  7. On the Finish tab, click Save.

Step 4: Mappings

ControlUp expects the company name to be sent within the SAML request when using IdP-initiated login.

  1. Open the new ControlUp application and click the Configure mapping set button.

  2. Click Change attributes.

  3. Replace organizationname in the orgurl mapping with your ControlUp organization name.

  4. Click Close and save the application.

Step 5: Post-setup configuration
HelloID side

Get the application's metadata:

  1. Go to Applications > Applications and click Edit for the ControlUp application.

  2. Click Download Metadata and save it to a local file on your machine.

ControlUp side

After the Identity Provider has been configured, edit the general system settings in ControlUp. To do so, follow the steps below:

  1. Sign in to ControlUp.

  2. Go to Settings > SAML Single Sign On.

  3. Click Import and upload the previously downloaded metadata XML file.

  4. Click the Test button to test the Single Sign-On connection. If the test succeeds, save the configuration. The SSO connection has now been set up properly.
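
Before importing the downloaded metadata in ControlUp, you can check offline that its signing certificate is the one selected on the Single Sign On tab and that every SSO endpoint uses HTTPS on your own HelloID host. The following Python is an added example, not HelloID or ControlUp code; the function name, the host `customer.example` and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_idp_metadata(xml_text, expected_host):
    """Return entityID, signing-cert SHA-256 fingerprints and endpoint problems."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_text)  # assumes one EntityDescriptor as the root
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use", "signing") != "signing":
            continue  # encryption-only key; a missing 'use' covers signing too
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    problems = [] if fingerprints else ["no signing certificate in metadata"]
    for sso in idp.findall("md:SingleSignOnService", NS):
        location = sso.get("Location", "")
        url = urlparse(location)
        if url.scheme != "https" or url.hostname != expected_host:
            problems.append("unexpected SSO endpoint: " + location)
    return {"entity_id": root.get("entityID"), "fingerprints": fingerprints, "problems": problems}

# Constructed sample: placeholder bytes stand in for a DER certificate and the
# host name is hypothetical; real HelloID metadata will differ.
SAMPLE_DER = b"constructed-bytes-standing-in-for-a-DER-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://customer.example/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://customer.example/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://customer.example/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE_METADATA, "customer.example"))
```

Run it against the saved metadata file with your own HelloID host name, and compare the reported fingerprint with the SHA-256 fingerprint of the certificate created in Step 1 before clicking Import.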

Step 7: Finish up

The application has been added to HelloID, and a trust has been configured. You may now want to do the following: