Skip to main content

HelloID

Intus InPlanning SAML application setup

Follow these instructions to set up the Intus InPlanning SSO application in HelloID.

Tip

For more information about managing applications, see Applications.

Requirements

  • Intus InPlanning environment

Step 1: Add a certificate

  1. Go to Settings > Certificates.

  2. Click Create Self-Signed Certificate.

  3. Set the following fields:

    2023-09-26_11-48-04.jpg

    1. Name Of Certificate: Intus InPlanning SelfSigned

    2. Common Name (Domain): <yourcustomerid>.helloid.com

    3. All other fields: set according to your organization's requirements.

  4. Click Save.

Step 2: Add the application

  1. Go to Applications > Applications.

  2. Click Open Application Catalog.

    2022-10-10_12-38-12.jpg

  3. Search for the Intus InPlanning template, and click Add.

    2023-09-26_11-51-21.jpg
Step 3: Application setup

Tip

For details on all available fields, see the Application settings reference.

  1. On the General tab, set the following fields:

    2023-09-26_11-56-11.jpg
    Default Login URL

    Your InPlanning URL, in the format https://<customer>.rooster.nl. For example, https://tools4ever.rooster.nl

  2. Click Next.

  3. On the Single Sign On tab, set the following fields:

    2023-09-26_12-10-20.jpg
    Endpoint URL

    Your InPlanning URL, in the format https://<customer>.rooster.nl/InplanningService/rest/sso/saml2/post.. For example, https://tools4ever.rooster.nl/InplanningService/rest/sso/saml2/post

    Issuer

    Your HelloID portal URL, in the format <customer>.helloid.com. For example, t4e-seattle-159.helloid.com

    X509 Certificate

    Select the self-signed certificate you previously created.

    Extra Audience

    Your InPlanning URL, in the format https://<customer>.rooster.nl/. For example, https://tools4ever.rooster.nl/

    SP-Initiated URL

    Your InPlanning URL, in the format https://<customer>.rooster.nl/. For example, https://tools4ever.rooster.nl/

  4. Click Next.

  5. On the Self Service tab, choose whether to generate a product (see Products) for users to request this application. If you do, select the Group that will be linked to the product.

    2023-09-26_12-11-21.jpg

  6. Click Next.

  7. On the Finish tab, click Save.

Step 4: Post-setup configuration
HelloID side

  • Get the application's metadata, to send to the service provider.

    1. Go to Applications > Applications and click Edit for this application.

    2. Right-click on Download Metadata and click Copy Link Address.

      Example 1. SAML Metadata
      SAML_metadata.jpg

      https://enyoi.helloid.com/metadata/download?ApplicationGUID=c277185a-cd1f-451c-8068-c751ed85a028

      2023-03-23_11-46-21.jpg


    3. Paste the URL into a local text editor, and replace download with index.

      For example, https://enyoi.helloid.com/metadata/download?ApplicationGUID=c277185a-cd1f-451c-8068-c751ed85a028 becomes https://enyoi.helloid.com/metadata/index?ApplicationGUID=c277185a-cd1f-451c-8068-c751ed85a028.

SP side

  1. Obtain the InPlanning sysadmin role from an Intus consultant, or someone in your organization who uses InPlanning. This gives you access to InPlanning configuration.

  2. In InPlanning, go to the administration panel.

    1.jpg

  3. Select the option that corresponds to your role:

    2.jpg

    1. Administratie (Admistration)

    2. Systeem (System)

    3. SSO configuratie (SSO configuration)

    4. Nieuwe SSO-configuratie (New SSO configuration)

  4. Enter the following values:

    3.jpg

    1. Applicatie-URL (Entity ID): The application URL in the format https://<customer>.rooster.nl/app/. For example, https://tools4ever.rooster.nl/app/.

    2. Metadatabron: Your Metadata preference: either file or URL (recommended). The metadata source is the URL you previously obtained from HelloID.

    3. Attribuut/claim met gebruikersnaam: The unique identifier from the HelloID account, which has to match the user account in InPlanning. Usually the UPN is used. Your claimname should look like: http://schemas.xmlsoap.org/ws/2005/05/Identity/claims/name

      4.jpg

    4. Notificatie-e-mail versturen naar: Notification email address.

      Enkelvoudig uitloggen (SLO): Optionally enable this toggle to enable single logout.

    5. Actief: Toggle for activation. The configuration is only active if the switch is on in combination with a reboot and the right settings at Intus. Otherwise nothing happens.

    Note

    You can find many of these values on the overview (Overzicht) tab.

    5.jpg

    2. Application URL to be copied to Identifier (Entity ID)

    3. Assertion Consumer Service URL to be copied at Reply URL

    4. Login URL needs to be copied to Sign On URL

    5. Logout URL to be copied to Logout URL

    6.jpg

  5. Save your changes.

Step 5: Test the application

  • Using a HelloID account that has access to the application, go to Applications for users on the user dashboard, and launch the application to test it.

Step 6: Finish up

The application has been added to HelloID, and a trust has been configured. You may now want to do the following:

In this section: