Application (aka service provider) single sign-on (SSO) is the core feature of HelloID's Access Management module. Your users log in just once, and can seamlessly access all their applications with one click.
The applications flow works as follows:
- First, you add an application to HelloID. If your application is popular, it may already be in HelloID's application catalog. Applications added from the catalog come with pre-packaged settings and require only minimal setup. To make this process even easier, we offer a library of application guides for the most popular applications in the catalog.
- If your application isn't in the catalog, you'll need to add it by customizing a generic template. Specific guides are available for OpenID Connect (OIDC) applications and SAML applications. PKCE is supported for OIDC applications.
- After adding your application, you can manage its settings. Refer to Manage an application for a list of common settings.
- Access to applications is mediated by user group membership. Each application's configuration page has a Groups tab where you can associate certain user groups with the application. Then, add individual users (or other groups) to that group.
- Configure each application's mapping set to send the appropriate SSO claims when a user launches the application from HelloID. For applications which don't support a formal SSO protocol, and only support web login via username/password, you can instead add application credentials.
- After an application has been fully configured and users have been granted access, users can access it via the Applications tab of the end user dashboard. Organize this page using application categories.
The Applications Overview
On the Applications Overview page (Applications > Applications), there is a list of all SSO applications configured in your HelloID environment.
The following information is listed for each application:
The application's icon is shown on the HelloID User Dashboard. Change the icon by clicking Edit in the Actions column. You can find more information about managing applications here.
The application's name is shown beneath the icon on the HelloID User Dashboard. Change the name by clicking Edit in the Actions column.
Type refers to the SSO protocol used by HelloID for that specific application. This field will rarely change. Sometimes, however, a new SSO protocol will become available for a given application.
Enabled applications are available to users via their dashboard. Disabled applications are not available to end users.
Admins may Edit or Delete an application by clicking the respective link under the Actions column.
Next: Add an application >>