Decos JOIN application setup
Note: OpenID Connect preferred

It is recommended to connect to Decos JOIN using the OIDC Decos application.


This article demonstrates how to set up Decos JOIN for single sign-on via WS-Federation. The configuration takes place in HelloID and requires you to send information to Tools4ever support and Decos JOIN support.

  • HelloID environment

  • Decos JOIN environment

Create or import a certificate
  1. If there is no certificate yet, you must create or import one. For this tutorial, we will create a self-signed certificate. Name it DecosSelfSigned.

  2. Download the certificate as a Personal Information Exchange (.PFX) file.

  3. Supply it to Tools4ever support. Tools4ever will convert the .PFX certificate into a format compatible with the WS-Federation server, and send you a copy.

  4. When you receive the converted certificate, import it into HelloID. Name it Decos WS-Federation. Ignore any certificate errors.

Application setup
Add the Decos WS-Federation application
  1. Open the HelloID application catalog.

  2. Add the Decos (wsfed) application.

General tab

Change the following settings:

  • Default Login URL

    Your Decos server's base URL. For example: https://{customer}

Single Sign-On tab
  • Realm

    Your Decos server's base URL. For example: https://{customer}

  • Endpoint URL

    Your Decos server's base URL. For example: https://{customer}

  • X509 Certificate

    Select the Decos WS-Federation certificate you received from Tools4ever support.

Self Service tab

Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.

Finish tab

Select the Save button to add the Decos JOIN application to HelloID.

Additional configuration

By default, the following mappings are created:


If required, you can add any of the following claims: otherPhone, mobilePhone or homePhone. These are the only custom claims that Decos accepts.

For more information, see Mapping - Overview.

Additional Decos sites

HelloID does not support multiple WS-Federation endpoints on the same application. If you need to add your ADMIN and ASPX pages, create a new WS-Federation application for each of them and repeat the steps in this article.

  • ADMIN: https://{customer}

  • ASPX: https://{customer}

Supplier-side configuration

The HelloID side of the configuration is now finished.

To complete the setup, contact Tools4ever support and request your Decos endpoint URLs. Then send these URLs to Decos so they can configure their side of the application.

Finish up

The Decos JOIN application has been added to HelloID, and a trust has been configured between Decos JOIN and HelloID. You are now free to test the application and assign it to users within your organization. See Applications - Overview and its related articles for more information.