Introduction

You may set up an application with OpenID yourself, or send your request to the HelloID team. If you’d like to set up an application with OpenID yourself, please read the OpenID documentation and the client application information regarding OpenID first.

Begin by navigating to Applications > Applications.

These instructions will cover how to add an OpenID application from a generic template. Note that it is necessary to have access to the client application settings as well in order to complete the setup. It is not sufficient to only set up the application in HelloID. This article will only cover the settings in HelloID because the setup on the application side is different per application.

There are three steps to the process of adding OpenID applications:

1. Make the application template.
2. Set up the client ID and secret in your client application. (The client ID will be available after setting up the application template.)
3. Check the claim set and adjust if necessary.

Adding an OpenID application

1. Click Open application catalog in the top right corner.
   
2. Search for "OpenID".
   
3. Click Add next to Generic OpenID Connect Client to open the Add Application wizard.
   

The Add Application wizard has four tabs: General, Single Sign On, Self Service, and Finish.

General

The General tab contains the following fields:

• Display name
  Shown to end users as the application name on the HelloID dashboard.
• Default login URL
  The link to the secure page or the login screen.
• Description
  A description of the application.
• Change icon
  Select an icon or drag and drop an image to use for the application’s icon. HelloID will otherwise display the default image.
• Enabled
  The application is enabled by default. If you do not want the application to be available for end users, click the toggle to disable it.

Click the Next button once the General tab is completed.

Single Sign On

The Single Sign On tab is for setting up the application to the OpenID standard. To learn more, read the OpenID documentation. This tab contains the following fields:

• Secret
  A shared value between HelloID and the application. The secret will be automatically generated but can be changed if needed. A custom secret should have a minimum length of 10 characters.
• Security Algorithm
  Depends on the required settings for the client application and the desired connection method.
• Signing Certificate
  Used to verify the token. The token will need to be identical on both the client and the server side of the connection.
• Grant Type
  Depends on the required settings for the client application and the desired connection method.
• Redirect URI
  The redirect URI configured in the client app must match one of the values entered in this field. This is useful, for example, to run production and test environments at the same time. You may enter multiple redirect URIs by pressing Enter on your keyboard after typing a value.
• Send group membership claim
  Enable to include HelloID group memberships of the requesting user in the generated token.
• Group membership claim name
  The label that will be applied to the group membership claim section in the token. This value is chosen by the OpenID application provider.

Click the Next button once the Single Sign On tab is completed.

Self Service

The Self Service tab contains the following fields:

• Generate self service product
  Automatically create a Self Service Product with which users can request access to this application. The group specified below is granted access to the application. Then, whenever a user's request is approved, the user is added to the group. This happens via an Action attached to the automatically created Self Service Product.
• Group
  The group which mediates access to this application via Self Service Product requests. Select an existing group, or select Generate Group to automatically create a new group for this purpose. Note that all default groups in your HelloID environment are automatically granted access to newly-created applications. Therefore, if you wish to limit access to only this group, you will need to remove this application from your default groups after creating it.

Click the Next button once the Self Service tab is completed.

Finish

Click the Save button to finalize the Generic OpenID Connect Client and finish the application setup.

Completing Setup

The application is not yet working. The Client ID and the Secret must be entered on the application side. The Client ID is created after completing the setup in HelloID.

1. Navigate to the Configuration tab in the Edit Application window. Click Edit to open the Edit Application Window.
2. Click the Configuration tab. The Client ID is now displayed in the respective field.
   
3. Click Configure Mapping Set to configure the application’s Claims.
   
4. The following dialog box appears. Click Proceed.
   
5. Click Change Mappings to see which information is sent using the OpenID standard.
   
6. The Subject is the unique identifier that must always be defined. Additional fields may be mapped. Click Add mapping to do so.
7. Update the additional fields with the desired information. For example, a user nickname. Click Close to save your changes.
8. Click the Save button in the bottom right corner to confirm the Mapping Settings and return to the General tab.
   
9. Navigate to Applications > Applications and locate the newly created application. Click Edit.
   
10. The Edit Application Window will now display three additional tabs: Groups, Categories, and Access Rules. For more information see Groups Overview, Categories Overview, and Application Access Rules Overview.
    
11. Click the View discovery document button to access the information required for configuring the client application.
    Depending on the client application, you may need to enter the URLs located at the top of the discovery document.

Note that this article only covers the application setup within HelloID. Client side configurations are still required for the application to work properly. More OpenID templates will be added in the future to make configuring applications easier.

Next: How to Manage an Application >>