Please read the OpenID documentation first. Also read the OpenID documentation for your client application.
You may set up an application with OpenID yourself, or send your request to the HelloID team. If you set it up yourself, first read the OpenID documentation and the client application information regarding OpenID. Begin by navigating to Applications.
This article covers how to add an OpenID application from a generic template. Note that you also need access to the client application settings in order to complete the setup; setting up the application in HelloID alone is not sufficient. This article only covers the settings in HelloID, because the setup on the application side differs per application.
There are three steps to the process of adding OpenID applications. The first step is to make the application template. The second step is to set up the client ID and secret in your client application. The client ID will be available after setting up the application template. The last step is to check the claim set and adjust if necessary.
How to add an OpenID application
1. Click Open application catalog in the top right corner.
2. Click Generic on the left menu to sort the catalog.
3. Click Add next to Generic OpenID Connect Client to open the Add Application window.
4. Enter a Display Name to replace “Generic OpenID Connect Client.” This Display Name will be shown to end users as the application name on the HelloID dashboard. For this example, the application will be named “Enyoi Secure Page.”
5. Enter the Default Login URL. This is the link to the secure page or the login screen.
6. Enter a Description for the application.
7. Select an icon or drag and drop an image to use for the application’s icon. HelloID will otherwise display the default image.
8. The application is Enabled by default. If you do not want the application to be available for end users, click the toggle to Disable it.
9. Click Next once the information on the General tab is completed to navigate to the Single Sign On tab.
10. The Single Sign On tab is for setting up the application to the OpenID standard. To learn more, read the OpenID documentation.
11. First, enter a secret. This is a shared secret between HelloID and the application. The secret should have a minimum length of 10 characters.
12. Select the Grant Type depending on the required settings for the client application and the desired connection method. For security reasons, authorization_code and hybrid are recommended. To learn more about Grant Type and Supported Scopes, please read the OpenID documentation.
13. Select the Supported Scopes depending on the required settings for the client application and the desired connection method. For Supported Scopes, openid should always be selected. Select profile to send profile information. To learn more about Grant Type and Supported Scopes, please read the OpenID documentation.
14. Token Life Span (Minutes) is set to 30 by default. This is the duration during which access and ID Tokens are considered valid. The token is necessary for authentication. Depending on the settings of the client application, you may have to re-authenticate after those 30 minutes; however, this is not controlled within HelloID. Change this number as needed.
15. The Redirect Uri must exactly match one of the redirection URI values for the client that are preregistered with the OpenID provider. Learn more about the URI in the OpenID documentation.
16. Click Next once the Single Sign On tab is completed to navigate to the Self Service tab.
17. Select whether to Generate a Self Service Product using the toggle.
18. Click Next once the Self Service tab is completed.
19. Click Save to finalize the Generic OpenID Connect Client and finish the application setup.
20. Note that the application is not yet working. The Client ID and the Secret must be entered on the application side. The Client ID is created after completing the setup in HelloID and is found on the Configuration tab in the Edit Application window. Click Edit to open the Edit Application window.
21. Click on the Configuration tab.
22. The Client ID is now displayed in the respective field.
23. A new Claims option is now visible on the Configuration tab. Click Configure Mapping Set to configure the application’s Claims.
24. Click Change Mappings to see which information is sent using the OpenID standard.
25. The Subject is the unique identifier that must always be defined.
26. Additional fields may be mapped. Click Add mapping to do so.
27. Update the fields with the appropriate information.
28. Click Save in the bottom right corner to confirm the Mapping Settings and return to the Mapping Sets.
29. Navigate to Applications and open the newly created application. For this example, the application remains Enyoi Secure Page.
30. Click Edit.
31. The Edit Application window will now display additional tabs: Groups, Categories, and Access Rules. For more information see Groups Overview, Categories Overview, and Application Access Rules Overview.
32. Click View discovery document to access the information required for configuring the client side.
Depending on the client application, you need to enter the corresponding URLs from this discovery document.
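The following is an added example, not HelloID code: a pre-flight check that pulls the client-side URLs out of a discovery document and compares the planned client settings against the rules in steps 11, 13 and 15. The sample document, the idp.example.test and app.example.test hosts, the endpoint paths and the function names are assumptions made for illustration; the keys are the standard OpenID Connect Discovery metadata names.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, not HelloID output. The keys are the standard
# OpenID Connect Discovery 1.0 metadata names; the host is a placeholder.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.test",
  "authorization_endpoint": "https://idp.example.test/connect/authorize",
  "token_endpoint": "https://idp.example.test/connect/token",
  "userinfo_endpoint": "https://idp.example.test/connect/userinfo",
  "jwks_uri": "https://idp.example.test/.well-known/jwks",
  "scopes_supported": ["openid", "profile"]
}""")

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def client_urls(doc):
    """Pick out the URLs a client application usually asks for."""
    return {k: doc[k] for k in ("issuer",) + ENDPOINT_KEYS if k in doc}


def preflight(doc, redirect_uri, registered_redirect_uris, scopes, secret):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    issuer = urlsplit(doc.get("issuer", ""))
    if issuer.scheme != "https":
        problems.append("issuer is not an https URL")
    for key in ENDPOINT_KEYS:
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} is missing or not https")
        elif url.netloc != issuer.netloc:
            # Heuristic for manual review, not a rule of the standard.
            problems.append(f"{key} is on a different host than the issuer")
    if "openid" not in scopes:
        problems.append("requested scopes do not include openid")
    for scope in scopes:
        if scope not in doc.get("scopes_supported", []):
            problems.append(f"scope {scope!r} is not advertised")
    if len(secret) < 10:
        problems.append("secret is shorter than 10 characters")
    # Exact string comparison: a trailing slash or a case change is a mismatch.
    if redirect_uri not in registered_redirect_uris:
        problems.append("redirect URI does not exactly match a registered value")
    return problems
```

Save the JSON shown by View discovery document to a file, load it with json.load in place of SAMPLE_DISCOVERY, and pass the values you plan to enter in the client application.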
Note that this article only covers the application setup within HelloID. Client-side configuration is still required for the application to work properly. More OpenID templates will be added in the future to make configuring applications easier.