Medimo OpenID application setup
Introduction
This manual shows how to make an OpenID connection to Medimo. The configuration takes place in HelloID and requires you to send information to Medimo.
Requirements:
HelloID environment
Medimo environment
Create or Import a Certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Application Setup
Add the Medimo Application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalogue and search for "Medimo". Find the OpenID template, and click Add. Learn more about managing applications here.
General tab
On the General tab, you can leave the default value in the Default Login URL for now. Medimo will provide the Login URL, after which the Default Login URL has to be changed. See Final steps - HelloID - Change Default Login URL.
For example: https://secure.medimo.nl/sso/openidconnect/enyoi_helloid
Optionally, you may also add a description. Click Next.
Single Sign-on tab
On the Single Sign-On tab, perform the following steps:
Provide a value in the Secret field.
This can be any value that you want, although we suggest a string of at least 52 characters.
In the Signing Certificate dropdown, select the certificate that you created or imported previously.
Optionally change the Token Life Span.
You can leave the default value in the Redirect Uri for now. Medimo will provide the Login URL, after which the Redirect Uri has to be changed. See Final steps - HelloID - Change Redirect Uri.
For example: https://secure.medimo.nl/sso/openidconnect/enyoi_helloid
Make sure the Send group membership claim is on.
Check that the Group membership claim name is 'autorisatie'.
Click Next.
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
Finish tab
On the Finish tab, click Save to add the application to HelloID.
Additional Configuration
Discovery document
After adding the Medimo application, click its Edit link on the application overview. This will bring you to its properties page. Right-click View discovery document at the top right of the screen and choose Copy link address. Make note of it, as you will need to provide this information to Medimo later on.
Client ID & Client Secret
We also need the Client ID.
Go to the Configuration tab of the application. Make note of the Client ID.
Finally, we also need the Client Secret. On the Configuration tab, click the "eye" icon next to the Secret to view the secret. Make note of the Secret as well.
Medimo Configuration
Request SSO
In order to make the connection, Medimo needs to add the connection on their side. This can be requested at Medimo.
To configure the SSO on the Medimo side, they will need the following information:
OpenID Discovery document: Please provide the discovery document URL to Medimo. This is the link address you copied at Additional Configuration - Discovery document.
Client ID: The Client ID is a GUID automatically generated when creating an application in your HelloID environment. Additional Configuration - Client ID & Client Secret describes where to find it. For example: 478ecc46-0b96-4e74-baa4-b08995cd35fb
Client Secret: The Client Secret you specified in step 1 on the Single Sign-on tab of the HelloID configuration (if forgotten, Additional Configuration - Client ID & Client Secret describes where to find it again).
For example: Hc2V5v4fJmPm4vNFgX2tGmNWdUGEy2PCtXXTLkBQQUvsgrC3TeUR
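The handoff described above, as an added example that is not part of the original manual and is not HelloID or Medimo code: a Python script that generates a random secret of the suggested length and checks the three values before they are sent to Medimo. The discovery URL in the demo is a constructed placeholder, and the distinct-character threshold and the rejection of the manual's printed sample secret are assumptions of this example.

```python
import secrets
import string
import uuid
from urllib.parse import urlsplit

MIN_SECRET_LEN = 52   # length suggested in this manual
MIN_DISTINCT = 16     # assumption: crude guard against "aaaa..." style values
ALPHABET = string.ascii_letters + string.digits
# Sample secret printed in this manual; it is public, so never valid for real use.
DOC_SAMPLE_SECRET = "Hc2V5v4fJmPm4vNFgX2tGmNWdUGEy2PCtXXTLkBQQUvsgrC3TeUR"


def generate_secret(length=MIN_SECRET_LEN):
    """Return an alphanumeric secret drawn from the OS CSPRNG."""
    if length < MIN_SECRET_LEN:
        raise ValueError(f"secret must be at least {MIN_SECRET_LEN} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_handoff(discovery_url, client_id, client_secret):
    """Return a list of problems with the values to be sent to Medimo."""
    problems = []
    url = urlsplit(discovery_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("discovery URL is not an absolute https URL")
    try:
        # Accept only the canonical hyphenated GUID form shown in the manual.
        if str(uuid.UUID(client_id)) != client_id.lower():
            raise ValueError
    except ValueError:
        problems.append("client ID is not a GUID")
    if len(client_secret) < MIN_SECRET_LEN:
        problems.append("secret is shorter than 52 characters")
    if len(set(client_secret)) < MIN_DISTINCT:
        problems.append("secret has too few distinct characters")
    if client_secret == DOC_SAMPLE_SECRET:
        problems.append("secret is the sample value from the manual")
    return problems


if __name__ == "__main__":
    # Constructed values: placeholder tenant URL, the manual's sample GUID.
    issues = check_handoff(
        "https://tenant.example/discovery-document",
        "478ecc46-0b96-4e74-baa4-b08995cd35fb",
        generate_secret(),
    )
    print("ready to send" if not issues else "\n".join(issues))
```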
Final steps
HelloID
Change Default Login URL
After Medimo has added the connection on their side, they can provide the Login URL.
When creating the HelloID application, the Default Login URL on the General tab was left unchanged. Now, this has to be changed to the Login URL Medimo has provided.
Change Redirect Uri
After Medimo has added the connection on their side, they can provide the Redirect URI.
When creating the HelloID application, the Redirect Uri on the Single Sign-On tab was left unchanged. Now, this has to be changed to the Redirect URI Medimo has provided.
After this change, the SSO configuration is finished! All that's left now is to test the SSO.