Skip to main content

HelloID

Infoland Zenya SAML application setup
Introduction

This manual shows you how to set up SSO to Zenya by Infoland, using the SAML protocol. The configuration takes place in HelloID and in the iProva admin center.

Requirements:

  • HelloID environment

  • iProva environment version 5.6 or later

Create or Import a Certificate

If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.

infoland-iprova-create-certificate.png
HelloID Application Setup
Add the Infoland Zenya Application to HelloID

Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "iProva". Find the SAML template, and click Add. Learn more about managing applications here.

mceclip0.png
General tab

On the General tab, fill the default login URL with the iProva environment SSO SAML endpoint URL. This is because we later have to add a shortcut and we need to be able to use the default iProva environment SSO URL for this shortcut.

We also advise to change the Display name to something along the lines of '- Hidden - Zenya (SAML)', so it is clear this application will be and is hidden.

Optionally, you may also add a description. Click Next.

mceclip2.png
Single Sign-on tab

On the Single Sign-On tab, perform the following steps:

  1. The Endpoint URL is already filled in. Simply replace '{customer}' with your customer name.

  2. Keep the Sign Assertion option selected.

  3. In the X509 Certificate dropdown, select the certificate that you created or imported previously.

  4. The Extra audience has to be filled with the Entity Id from iProva.

  5. Click Next.

infoland-iprova-single-sing-on-tab.png
Credential tab

On the Credential tab, select perform Credentials are configured by admin and the following steps:

  1. Select the Zenya logincode to send to Zenya

    This is either the user's UserPrincipalName, in this case use {{user.login.username}}.

    Or their SAMAccountName, in which case you'll need to use {{user.attributes.samaccountname}}.

    Note: When using the SAMAccountName, the Active Directory Configuration sync is required to be configured. Learn more about Active Directory Configuration

  2. Click Next.

infoland-iprova-credential-tab.png
Self service tab

On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.

Finish tab

On the Finish tab, click Save to add the application to HelloID.

mceclip3.png
Application metadata

After saving the iProva application, click its Edit link on the applications overview. This will bring you to its properties page.

You now have two options to obtain the application metadata.

Static metadata (download)

You can simply click Download metadata at the right top of the screen and save the file to your local computer for later use in Zenya.

mceclip4.png
Dynamic Metadata (URL)

You can copy the link address (something along the lines of https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f) and replace 'download' with 'index' to view the metadata.

mceclip2.png
Hiding the application

On the Edit page of the iProva application select Hide application.

mceclip5.png
Infoland Zenya Configuration
Configuring Zenya

After the Identity Provider has been configured, you can continue configuring iProva. To do so, follow the steps below:

Edit the general system settings

Sign in to Zenya using the "Administrator" account

Open the "Go to" ("Ga naar") menu

Click on "Application management" ("Applicatiebeheer")

Click on "General" ("Algemeen") in the "System settings" ("Systeeminstellingen") panel

Click on "Edit" ("Wijzigen")

Scroll down to "Access control" ("Toegang tot de site")

Find the setting "Users are automatically logged on with their network accounts" ("Gebruikers worden automatisch ingelogd met hun netwerk account"), and change it to "Yes, authentication via SAML" ("Ja, authenticatie via SAML")

Additional options will appear:

iProva-admin-access-control.png
Start the set up wizard

Click "Set up". This will open a wizard to assist during setup.

Make sure that your Identity Provider is set up, then click "Next" ("Volgende").

iProva-admin-setup-saml-step-1-information.png
Upload or download the Identity Provider's Federation Data

If you are downloading the data, select "From URL" ("Via een URL"), enter the URL in the text box and then click the download arrow next to it. The box below will show whether the file is correctly downloaded, or alert you to any issues with the file. The URL should look like this:

https://enyoi.helloid.com/metadata/index?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f

If you are uploading a file, select "From XML file" (Via een XML bestand). Click on "upload a file" ("een bestand uploaden") and select the file to upload. Alternatively you can drag a file into the upload box. If there are any problems with the file, these will be displayed.

When you are done, click "Next" ("Volgende")

iProva-admin-setup-saml-step-2-federation-data.png
Test whether everything works

You must now test whether everything is set up correctly. This is done by clicking the "Test log in" ("Test inloggen") button. A new tab or window will be opened to the Identity Provider's sign-on page. Depending on whether you already have signed in, this window may immediately close again, completing the test. If the window does not close, you must sign in with your Identity Provider to continue.

iProva-admin-setup-saml-step-3-test-log-in.png

Once the test is successfully completed, click "Next" ("Volgende") to continue.

iProva-admin-setup-saml-step-3-test-log-in-succeeded.png
Set up the Claim

You must now set up which Claim attribute will be used to match the Zenya user's login code. A list of available claims, with their value for the account you tested with, is shown to aid you in selecting the correct claim.

After selecting the correct attribute the wizard can be finished by clicking on "Finish" ("Voltooien").

iProva-admin-setup-saml-step-4-set-up-claim.png
Additional HelloID Application Setup
Add the Generic Shortcut Application to HelloID

Crurrently the iProva application will result in an endless redirection loop if you do not hide this application and create a shortcut. Creat a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Generic Shortcut". Find the Plugin template, and click Add. Learn more about managing applications here.

2023-04-19_13-19-01.jpg
General tab

On the General tab, use the default Zenya environment SSO URL for the default login URL.

Optionally, you may also add a description. Click Next.

generic-shortcut-general-tab.png
Finish tab

On the Finish tab, click Save to add the application to HelloID.

generic-shortcut-finish-tab.png

You have now successfully configured SSO for iProva in HelloID.

In this section: