Skip to main content

HelloID

Add a generic OpenID Connect application

For more information, see OIDC applications and the OpenID Connect Core docs.

Note

For this example, we'll create a demo OIDC application that can receive a request from the OIDC Debugger.

  1. Go to Applications > Applications.

  2. Click Open Application Catalog.

    2022-10-10_12-38-12.jpg
  3. Click Generic, and then click Add for Generic OpenID Connect.

    2022-10-10_14-44-21.jpg
  4. Enter a Display Name.

    For this example, we'll enter Generic OIDC Test App.

  5. Enter a Default Login URL.

    For this example, we'll enter https://oidcdebugger.com/.

  6. Optional: Enter a Description and Icon.

  7. Click Next.

    2022-10-11_14-12-58.jpg
  8. On the Single Sign On tab, configure the application's options as needed. See Application settings reference.

    Copy the Client ID from HelloID into the target app.

    For this example, we'll copy it into the Client ID field of the OIDC Debugger.

    2022-10-11_14-16-14.jpg
    2022-10-11_14-20-10.jpg
  9. Enter the Authorize URI in the target app, in the format https://<yourcustomerid>.helloid.com/oauth2/v2/connect/authorize.

    2022-10-11_14-19-22.jpg

    Tip

    The Authorize URI can also be found in the authorization_endpoint field in the app's discovery document, after saving the application.

  10. Copy the Redirect URI from the target app into the Redirect URI field in HelloID.

    2022-10-11_14-22-05.jpg
    2022-10-11_14-22-38.jpg
  11. Click Next.

  12. Optional: On the Self Service tab, enable the Generate Self Service Product toggle to automatically create a product (see Products) which grants access to this application. The Group is the group which will mediate access to the application (i.e., the group that the product will add the user to). If you select Generate Group, the name of the group will be HelloIDApp.<AppName>.

    2022-10-11_14-36-33.jpg
  13. Click Next.

  14. On the Finish tab, click Save.

    The application has been created.

    2022-10-11_14-37-51.jpg
  15. Optional: Grant a group access to an application to grant additional Groups access to this application.

  16. Optional: Customize a mapping set for this application.

  17. Optional:Add a product which grants access to an application

  18. Optional: Configure Application access rules

  19. Depending on the client application, you may need to provide values from the discovery document.

    2022-10-11_14-42-17.jpg
    mceclip1.png

The application is now available to users in the relevant groups, on the user dashboard (see Applications for users).

2022-10-11_14-25-40.jpg

When you click the Send Request button in the OIDC debugger, it builds and sends a request. For example:

https://t4e-seattle-159.helloid.com/oauth2/v2/connect/authorize
	?client_id=f63b0cbf-3384-4352-813c-54f67cb9e5c6
	&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug
	&scope=openid
	&response_type=code
	&response_mode=form_post
	&state=x0wby1kgpx
	&nonce=czzs4sg7f9g

You should get the following success screen:

2022-10-11_14-40-26.jpg