nCare OpenID application setup
Introduction
This article demonstrates how to set up HelloID and nCare for single sign-on using the OpenID Connect protocol. The configuration takes place in HelloID and requires you to edit your login configuration in nCare.
Requirements
HelloID environment
nCare environment
Application setup
Add the nCare application
Add a new application.
Find the template for nCare (OpenID Connect).
Select its Add button.
General tab
Default Login URL
If you are using an alternative URL for nCare, enter it here.
Select the Next button.
Single Sign-On tab
Secret
Accept the default value, or optionally, enter a custom secret. If you use a custom value, we suggest a string of at least 52 characters with uppercase characters, lowercase characters, and numbers. The secret cannot contain special characters. Copy it into a text editor, as you will need to enter it in nCare.
Redirect URI
Leave this empty for now. It will be generated later in nCare.
Send Group Membership Claim In nCare, it is possible to map HelloID groups to nCare roles. Optionally enable this setting to make HelloID send the user's groups as part of the role claim.
Select the Next button.
Self Service tab
Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.
Select the Next button.
Finish tab
On the Finish tab, click Save to add the application to HelloID.
Mappings
The application is created with the following mapping set:
If you need to edit these mappings, see Mapping - Overview and Edit a mapping set.
Note: If you are using the nCare IAM module and you enabled Send Group Membership Claim, the Department claim is required in the mappings.
Supplier-side configuration
The HelloID side of the configuration is now finished. The next step is to configure nCare. The following information is required:
Discovery document URL
Client ID & Client Secret
Discovery document
Edit the newly-added nCare application.
Right-click the View discovery document button
Select Copy link. It will resemble:
https://enyoi.helloid.com/oauth2/v2/e6e741f5-a469-4849-93f7-fe2e259a339f/.well-known/openid-configuration/
.
Client ID & Secret
Edit the newly-added nCare application.
Go to the Configuration tab.
Copy the Client ID.
Select the "eye" button to reveal the Secret, and copy the value.
nCare configuration
Login to nCare with an account that has permissions to change the login settings.
Go to Instellingen > Inlog Instellingen.
Click Toevoegen to add the HelloID provider or Wijzigen to change the current configuration.
Enter a name for the identity provider. For example:
HelloID
In the ClientID field, enter the Client ID you previously copied.
In the ClientSecret field, enter the Client Secret you previously copied.
In the MetadataAddress field, enter the discovery document URL you previously copied.
Change the other options as desired.
When finished, click Opslaan.
A unique URL is created for your single-sign-on connection with HelloID. Copy the Redirect URI value.
Edit the nCare application in HelloID.
Enter the copied value in the Redirect URI field.
Click the Save button.
Finish up
The application is now ready for use. Go to the HelloID User Dashboard and launch the application. You should be authenticated into the nCare application without being prompted for credentials.
If you enabled Send Group Membership Claim, additional configuration may be required in nCare to map groups to roles. Contact nCare support for assistance with roles and role mapping.
You are now free to test the application and assign it to users within your organization. See Applications - Overview and its related articles for more information.