Ricoh myPrint SAML application setup
Introduction
This manual shows you how to set up HelloID as IDP for Ricoh myPrint, using the SAML protocol. The configuration takes place in HelloID and in Ricoh myPrint.
Requirements:
HelloID environment
Ricoh myPrint
Create or Import a Certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
HelloID Application Setup
Add the Ricoh myPrint Application to HelloID
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Ricoh myPrint". Find the SAML template, and click Add. Learn more about managing applications here.
General tab
On the General tab, fill the default login URL with the Ricoh myPrint URL.
Optionally, you may also add a description. Click Next.
Single Sign-on tab
On the Single Sign-On tab, perform the following steps:
The Name ID format should be emailaddress, but can be changed. If you change it, you must also change it in Ricoh myPrint.
The Issuer should be your HelloID portal URL.
The Endpoint/ACS URL is the endpoint provided by Ricoh myPrint. This will be the AssertionService URL of the specific Ricoh myPrint instance.
The Binding is HTTP-POST by default. If you change it, you must also change it in Ricoh myPrint.
In the X509 Certificate dropdown, select the certificate that you created or imported previously.
The Custom Digest method can be the default.
The Custom signature method can be the default.
Click Next.
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
Finish tab
On the Finish tab, click Save to add the application to HelloID.
Application metadata
After saving the Ricoh myPrint application, click its Edit link on the applications overview. This will bring you to its properties page.
You now have two options to obtain the application metadata.
Static metadata (download)
You can simply click Download metadata at the top right of the screen and save the file to your local computer for later use in Ricoh myPrint.
Dynamic Metadata (URL)
You can copy the link address (something along the lines of https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f) and replace 'download' with 'index' to view the metadata.
Ricoh myPrint Configuration
Configuring Ricoh myPrint
After the Identity Provider has been configured, you can continue configuring Ricoh myPrint. To do so, follow the steps below:
Edit the Single Sign-On settings
Sign in to Ricoh myPrint using an account with admin rights
Go to the Single Sign-On settings
On the SAML 2.0 setting page, fill the fields as mentioned below.
1) Change the SP EntityID to the value of your environment (it should end with /RicohmyPrint/SAML/Acs)
2) Change the IDP EntityID to the URL of your HelloID portal
3) Change the IDP Metadata location to the URL of the HelloID metadata (as obtained in the "Dynamic Metadata (URL)" step earlier).
4) Change the IDP Single SignOn URL to the SingleSignOnService URL, which can be found in the HelloID metadata.
5) Change the IDP Single Logout URL to the logoff URL (e.g. "https://<yourHelloIDURL>/authentication/signOff").
6) Fill the Attribute Mapping Configuration with the following values:
Identifier attribute | http://schema.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
Name attribute | name |
Email attribute | emailaddress |
GivenName attribute | givenname |
Click Save and Reset application
You have now successfully configured SSO for Ricoh myPrint in HelloID.
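The following is an added example, not part of the original manual or of HelloID or Ricoh tooling. It reads a saved copy of the IdP metadata and returns the entityID, the SingleSignOnService URLs per binding, and the SHA-256 fingerprint of the signing certificate, so the values entered in steps 2 and 4 can be checked against what the metadata actually publishes. The function names, the example.helloid.com host, the SSO path and the certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample input: placeholder bytes stand in for the DER certificate,
# and the host and SSO path are made up, not real HelloID values.
SAMPLE_CERT_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = ("""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.helloid.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="%s" Location="https://example.helloid.com/sso-placeholder"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (base64.b64encode(SAMPLE_CERT_DER).decode(), HTTP_POST)).encode()


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def read_idp_metadata(xml_bytes: bytes) -> dict:
    """Return the IdP values the Ricoh myPrint SAML 2.0 page asks for."""
    # The metadata is fetched from a URL, so refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not an IdP EntityDescriptor")
    sso = {e.get("Binding"): e.get("Location") or ""
           for e in idp.findall("md:SingleSignOnService", NS)}
    if not sso or not all(u.startswith("https://") for u in sso.values()):
        raise ValueError("missing or non-HTTPS SingleSignOnService URL")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # skip encryption-only keys
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                certs.append(fingerprint(base64.b64decode(c.text or "")))
    return {"idp_entity_id": root.get("entityID"),   # step 2: IDP EntityID
            "idp_sso_urls": sso,                     # step 4: IDP Single SignOn URL
            "signing_cert_sha256": certs}            # compare with the selected certificate
```

Compare the returned fingerprint with the one shown for the certificate selected on the Single Sign-on tab; a mismatch means the metadata describes a different signing key than the one you intended to trust.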