The Patient Safety Company application setup
Introduction
This article demonstrates how to set up HelloID and Patient Safety for single sign-on using the SAML protocol. The configuration takes place in HelloID and requires you to send information to The Patient Safety Company.
Requirements
HelloID environment
Patient Safety environment
SSO has to be requested from The Patient Safety Company, which may incur additional costs.
Create or import a certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID admin dashboard under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Create one before proceeding. See Certificates.
Application setup
Add the Patient Safety application
Go to Applications > Applications and select the Open application catalog button. Find the template for The Patient Safety Company and select its Add button. Learn more about managing applications here.
General tab
On the General tab, enter the Patient Safety environment URL in the format https://{customer}.patientsafety.com/ into the Default Login URL field. Replace the subdomain with your account's actual value.
Select the Next button.
Single Sign-on tab
On the Single Sign-On tab, enter the following information:
Issuer
Leave empty, unless you've received a specific value from The Patient Safety Company.
Endpoint/ACS URL
Enter
https://{customer}.patientsafety.com/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/{customer}.patientsafety.com. Replace the two subdomains with your account's actual value.Validate and use ACS request URLLeave on.
ACS validation listEnter
https://{customer}.patientsafety.com/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/metadata.php/{customer}.patientsafety.com. Replace the two subdomains with your account's actual value.SP-initiated URLLeave empty.
X509 CertificateSelect the self-signed certificate you created earlier.
Overwrite AudienceLeave off.
Extra audience(s)Enter
https://{customer}.patientsafety.com/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/{customer}.patientsafety.com. Replace the two subdomains with your account's actual value.
Select the Next button.
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. Select a group which will have access to the product. This is optional.
Select the Next button.
Finish tab
On the Finish tab, select the Save button to add the application to HelloID.
Configure the mapping set
By default, the unique identifier is set to the user's username. This assumes that the user's userPrincipalName is used in HelloID and it matches the user's email address in Patient Safety.
If you wish to use another attribute, see Mapping - Overview.
Supplier-side configuration
The HelloID side of the configuration is now finished. You must now provide the dynamic metadata URL to The Patient Safety Company, so they can complete their side of the configuration. This may incur additional costs.
Go to Applications > Applications and select the Edit link for the newly-added Patient Safety app. Right-click the Download metadata button and select Copy link address. It will resemble something like https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f.
Provide this URL to The Patient Safety Company.
Finish up
The Patient Safety application has been added to HelloID, and a trust has been configured between Patient Safety and HelloID. You are now free to assign the application to users within your organization and begin testing it and using it. See Applications - Overview and its related articles for more information.