Introduction

You may set up your OpenID application yourself, or send your request to the HelloID team. If you’d like to set it up yourself, be sure to have the OpenID documentation (above) and the client application documentation on hand.

To get started, go to Applications > Applications.

These instructions will cover how to add an OpenID application from a generic template. Note that you must have access to the client application settings as well in order to complete the setup. It is not sufficient to only set up the application in HelloID. This article will only cover the settings in HelloID because the setup on the application side is different for each application.

If you're looking for a guide for a specific application, check the Application Guides section.

There are three steps to the process of adding OpenID applications:

1. Create the application template.
2. Set up the client ID and secret in your client application. (The client ID will be available after setting up the application template.)
3. Check the mapping set and adjust if necessary.

Adding an OpenID application

1. Click Open application catalog in the top right corner.
   
2. Search for "OpenID".
   
3. Click Add next to Generic OpenID Connect Client to open the Add Application wizard.
   

The Add Application wizard has four tabs: General, Single Sign On, Self Service, and Finish.

General

The General tab contains the following fields:

• Display name
  Shown to end users as the application name on the HelloID dashboard.
• Default login URL
  The link to the secure page or the login screen.
• Description
  A description of the application.
• Change icon
  Select an icon or drag and drop an image to use for the application’s icon. HelloID will otherwise display the default image.
• Enabled
  The application is enabled by default. If you do not want the application to be available for end users, click the toggle to disable it.

Click the Next button once the General tab is completed.

Single Sign On

The Single Sign On tab is for setting up the application to the OpenID standard. To learn more, read the OpenID documentation. This tab contains the following fields:

• Secret
  A shared value between HelloID and the application. The secret will be automatically generated but can be changed if needed. A custom secret should have a minimum length of 10 characters.
• Security Algorithm
  Depends on the required settings for the client application and the desired connection method.
• Signing Certificate
  Used to verify the token. The token will need to be identical on both the client and the server side of the connection.
• Grant Type
  Depends on the required settings for the client application and the desired connection method.
• Redirect URI
  The redirect URI configured in the client app must match one of the values entered in this field. This is useful, for example, to run production and test environments at the same time. You may enter multiple redirect URIs by pressing Enter on your keyboard after typing a value.
• Send group membership claim
  Enable to include HelloID group memberships of the requesting user in the generated token.
• Group membership claim name
  The label that will be applied to the group membership claim section in the token. This value is chosen by the OpenID application provider.

Click the Next button once the Single Sign On tab is completed.

Self Service

The Self Service tab contains the following fields:

• Generate self service product
  Automatically create a Self Service Product with which users can request access to this application. The Group specified below is granted access to the application. Then, whenever a user's request is approved, the user is added to the group, thus granting them access to the application. This happens via an action attached to the self service product.
• Group
  The group by which the self service product will grant access to this application. Select an existing group, or select Generate Group to automatically create a new group for this purpose.

Click the Next button once the Self Service tab is completed.

Finish

Click the Save button to finalize the Generic OpenID Connect Client and finish the application setup.

Completing Setup

The application is not yet working. The Client ID and the Secret must be entered on the application side. The Client ID is created after completing the setup in HelloID.

1. Navigate to the Configuration tab in the Edit Application window. Click Edit to open the Edit Application Window.
2. Click the Configuration tab. The Client ID is now displayed in the respective field.
   
3. Click Configure Mapping Set to configure the application’s claims, if needed.
   
4. The following dialog box appears. Click Proceed.
   
5. Refer to Mapping - Overview and Edit a mapping set for instructions on adding, removing, or editing claims in the application's mapping set.
6. When finished with mapping, select the Save button to confirm and return to the General tab.
   
7. Go to Applications > Applications and locate the newly created application. Click Edit.
   
8. The Edit Application Window will now display three additional tabs: Groups, Categories, and Access Rules. For more information on these tabs see How to Manage an Application.
   
9. Click the View discovery document button to access the information required for configuring the client application.
   Depending on the client application, you may need to enter the URLs located at the top of the discovery document.

Note that this article only covers the application setup within HelloID. Client side configurations are still required for the application to work properly. More OpenID templates will be added in the future to make configuring applications easier.