Skip to main content


nCare OpenID application setup

This article demonstrates how to set up HelloID and nCare for single sign-on using the OpenID Connect protocol. The configuration takes place in HelloID and requires you to edit your login configuration in nCare.

  • HelloID environment

  • nCare environment

Application setup
Add the nCare application
  1. Add a new application.

  2. Find the template for nCare (OpenID Connect).

  3. Select its Add button.

General tab
  • Default Login URL

    If you are using an alternative URL for nCare, enter it here.


Select the Next button.

Single Sign-On tab
  • Secret

    Accept the default value, or optionally, enter a custom secret. If you use a custom value, we suggest a string of at least 52 characters with uppercase characters, lowercase characters, and numbers. The secret cannot contain special characters. Copy it into a text editor, as you will need to enter it in nCare.

  • Redirect URI

    Leave this empty for now. It will be generated later in nCare.

  • Send Group Membership Claim In nCare, it is possible to map HelloID groups to nCare roles. Optionally enable this setting to make HelloID send the user's groups as part of the role claim.


Select the Next button.

Self Service tab

Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.

Select the Next button.

Finish tab

On the Finish tab, click Save to add the application to HelloID.


The application is created with the following mapping set:


If you need to edit these mappings, see Mapping - Overview and Edit a mapping set.

Note: If you are using the nCare IAM module and you enabled Send Group Membership Claim, the Department claim is required in the mappings.

Supplier-side configuration

The HelloID side of the configuration is now finished. The next step is to configure nCare. The following information is required:

  • Discovery document URL

  • Client ID & Client Secret

Discovery document
  1. Edit the newly-added nCare application.

  2. Right-click the View discovery document button

  3. Select Copy link. It will resemble:

Client ID & Secret
  1. Edit the newly-added nCare application.

  2. Go to the Configuration tab.

  3. Copy the Client ID.

  4. Select the "eye" button to reveal the Secret, and copy the value.

nCare configuration
  1. Login to nCare with an account that has permissions to change the login settings.

  2. Go to Instellingen > Inlog Instellingen.

  3. Click Toevoegen to add the HelloID provider or Wijzigen to change the current configuration.

  4. Enter a name for the identity provider. For example: HelloID

  5. In the ClientID field, enter the Client ID you previously copied.

  6. In the ClientSecret field, enter the Client Secret you previously copied.

  7. In the MetadataAddress field, enter the discovery document URL you previously copied.

  8. Change the other options as desired.

  9. When finished, click Opslaan.

  10. A unique URL is created for your single-sign-on connection with HelloID. Copy the Redirect URI value.

  11. Edit the nCare application in HelloID.

  12. Enter the copied value in the Redirect URI field.

  13. Click the Save button.

Finish up

The application is now ready for use. Go to the HelloID User Dashboard and launch the application. You should be authenticated into the nCare application without being prompted for credentials.

If you enabled Send Group Membership Claim, additional configuration may be required in nCare to map groups to roles. Contact nCare support for assistance with roles and role mapping.

You are now free to test the application and assign it to users within your organization. See Applications - Overview and its related articles for more information.