IQMessenger application setup
Introduction
This manual shows you how to set up SSO to IQMessenger.
Requirements:
HelloID environment
IQMessenger environment
Create or Import a Certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Application Setup
Add the IQMessenger Application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "IQMessenger". Find the SAML template, and click Add. Learn more about managing applications here.
General tab
On the General tab, change the Default Login URL to your IQMessenger portal URL. For example: https://your_portal.iqmessenger.cloud/UMS. Optionally, you may change the name or add a description. Click Next.
Single Sign-on tab
On the Single Sign-On tab, perform the following steps:
Change the Issuer to your HelloID portal URL. For example:
https://customer.helloid.com
Enter the Endpoint/ACS URL of your IQMessenger portal. Make sure you use HTTPS and the correct port numbers for your environment.
For example:
https://your_portal.iqmessenger.cloud:8443/auth/realms/default/broker/saml/endpoint
Enter the ACS Validation list. By default you need to add two URLs, one for port 8443 and one for port 9443. For example:
https://your_portal.iqmessenger.cloud:8443/auth/realms/default/broker/saml/endpoint
https://your_portal.iqmessenger.cloud:9443/auth/realms/default/broker/saml/endpoint
Enter the SP-Initiated URL. For example:
https://your_portal.iqmessenger.cloud:8443/UMS
If you will be using group memberships for roles in IQMessenger, you must turn on Send group membership attribute.
In the X509 Certificate dropdown, select the certificate that you created or imported previously.
Click Next.
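A preflight check for the values entered on the Single Sign-On tab, as an added example that is not part of HelloID or IQMessenger. The function name and sample values are hypothetical, and it assumes the broker path and the two default ports match the examples above.

```python
from urllib.parse import urlsplit

# Assumptions taken from this guide's examples; adjust for your environment.
BROKER_PATH = "/auth/realms/default/broker/saml/endpoint"
DEFAULT_PORTS = {8443, 9443}


def check_sso_settings(issuer, acs_url, acs_validation, sp_initiated_url):
    """Hypothetical helper: return findings; an empty list means consistent values."""
    findings = []

    def parse(label, url):
        parts = urlsplit(url.strip())
        if parts.scheme != "https":
            findings.append(f"{label}: must use https")
        if not parts.hostname or "*" in url:
            findings.append(f"{label}: needs one explicit host, no wildcards")
        return parts

    idp = parse("Issuer", issuer)
    acs = parse("ACS URL", acs_url)
    sp = parse("SP-Initiated URL", sp_initiated_url)
    entries = [parse(f"ACS validation #{i}", u) for i, u in enumerate(acs_validation, 1)]

    if acs.path != BROKER_PATH:
        findings.append("ACS URL: path is not the broker endpoint from the guide")
    # The ACS URL should itself appear in the validation list.
    if acs_url.strip() not in [u.strip() for u in acs_validation]:
        findings.append("ACS URL is not in the ACS validation list")
    # Every listed endpoint should be the same host and path, differing only by port.
    for i, entry in enumerate(entries, 1):
        if entry.hostname != acs.hostname or entry.path != acs.path:
            findings.append(f"ACS validation #{i}: host or path differs from the ACS URL")
    missing = DEFAULT_PORTS - {entry.port for entry in entries}
    if missing:
        findings.append(f"ACS validation list lacks port(s): {sorted(missing)}")
    if sp.hostname != acs.hostname:
        findings.append("SP-Initiated URL: host differs from the ACS URL host")
    if idp.hostname == acs.hostname:
        findings.append("Issuer: points at IQMessenger, expected the HelloID portal URL")
    return findings


if __name__ == "__main__":
    # Constructed sample: the guide's example values, with one entry left on http.
    acs = "https://your_portal.iqmessenger.cloud:8443" + BROKER_PATH
    bad = acs.replace("https", "http").replace("8443", "9443")
    print(check_sso_settings("https://customer.helloid.com", acs, [acs, bad],
                             "https://your_portal.iqmessenger.cloud:8443/UMS"))
```

An empty result means the four values agree with each other; each finding names the field to correct before clicking Next.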
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
Finish Tab
On the Finish tab, click Save to add the application to HelloID.
Application metadata
After saving the IQMessenger application, click its Edit link on the applications overview. This will bring you to its properties page.
Right-click the Download metadata button at the top right of the screen and copy the URL for later use in IQMessenger.
Mapping set
The default mapping will send the user's contact email address, first name and last name. To change this, see Mapping - Overview.
IQMessenger Configuration
Configure SAML
Go to the IQMessenger Administration Console at
https://your_portal.iqmessenger.cloud:8090/auth/
Log in to the Administration Console using admin credentials.
To begin configuring a SAML v2.0 provider, go to the Identity Providers left menu item.
Select SAML v2.0 from the Add Provider drop down list. This will bring you to the Add identity provider page.
Enter an Alias for your SSO configuration.
Scroll down to the Import External IDP Config and enter the Metadata URL you copied when configuring HelloID.
If needed, enter the Single Logout Service URL of your HelloID environment. For example:
https://customer.helloid.com/authentication/signoff
Go to the Mappers tab. Create the following mapper configurations:
Name: Username
Mapper Type: Username template importer
Template: ${NAMEID}
Name: Givenname
Mapper Type: Attribute Importer
Attribute Name: givenname
User Attribute Name: firstname
Name: Surname
Mapper Type: Attribute Importer
Attribute Name: surname
User Attribute Name: lastName
If needed, create a mapping between HelloID group memberships and IQMessenger roles:
Name: {name of your role}
Mapper Type: SAML Attribute to Role
Attribute Name: MemberOf
Attribute Value: {Name of your HelloID Group}
Role: Select the desired role with the Select Role button.
For more information about the configuration and mapping of IQMessenger, refer to the IQMessenger configuration guide.