Skip to main content

HelloID

Visma SAML application setup
Introduction

This manual shows you how to set up SSO to Visma using the SAML protocol. The configuration takes place in HelloID and requires you to send information to Visma.

Requirements:

  • HelloID environment

  • Visma environment

    • SSO has to be requested at Visma, this might come with additional costs.

Create or Import a Certificate

If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.

Application Setup
Add the Visma Application

Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Visma". Find the SAML template, and click Add. Learn more about managing applications here.

Visma_search.png
General tab

On the General tab, fill the default login URL with the Visma environment SSO URL (replace {customername} with your customer name). Optionally, you may also add a description. Click Next.

Visma_general_tab.png
Single Sign-on tab

On the Single Sign-On tab, perform the following steps:

  1. For the Issuer field, provide your HelloID domain in the format "{customer}.helloid.com".

  2. Endpoint/ACS URL should be set with the ACS endpoint URL of your Visma environment in the format "https://{customername}.my.connect.visma.com/saml/acs"

    Note: This URL is case sensitive

  3. Validate and use ACS request URL is always selected for security reasons.

  4. ACS validation list should contain the URL you entered at the Endpoint/ACS URLNote: This URL is case sensitive

  5. In the X509 Certificate dropdown, select the certificate that you created or imported previously.

  6. As Extra audience enter the domain URL of your Visma environment in the format "https://{customername}.my.connect.visma.com"Note: This URL is case sensitive

  7. Click Next.

Visma_sso_tab.png
Self service tab

On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.

Finish tab

On the Finish tab, click Save to add the application to HelloID.

Visma_finish.png
Configuring the Mapping Set

By default, the 'matching identifier' is set to the user's contact email. This is assuming the email address known in HelloID matches the Visma user's email address.

If you wish to use another attribute, click here to learn more about attribute mappings.

Application metadata

After saving the Visma application, click its Edit link on the applications overview. This will bring you to its properties page.

You now have the option to obtain the application metadata.

Dynamic Metadata (URL)

You can simply right-click Download metadata and copy the link address (something along the lines of https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f) at the right top of the screen.

Visma_download_metadata.png

Replace the word 'download' with 'index' in the URL to view the metadata. This URL is the Dynamix Metadata URL.

360012268780_mceclip2.png

Please provide this dynamic Metadata URL to Visma.

The configuration of the HelloID application is finished.

Visma Configuration
Request SAML

In order to make the connection, Visma needs to add the connection on their side. This can be requested at Visma, this might come with additional costs.

To configure the SSO on the Visma side, they will need the following information:

  1. Metadata URLPlease provide the dynamic Metadata to Visma

  2. IDP Entity IdThis is the issuer you configured in the HelloID configuration earlier in the format "{customer}.helloid.com"

  3. IDP Login EndpointThe login URL of your HelloID environment in the format "https://{customer}.helloid.com"

  4. IDP Logout EndpointThe sign out URL of your HelloID environment in the format "https://{customer}.helloid.com/authentication/signoff"

  5. Attribute name for EmailemailaddressNote: Fixed value and Case sensitive!

  6. Attribute name for First name

    givenname

    Note: Fixed value and Case sensitive!

  7. Attribute name for Last Name

    surname

    Note: Fixed value and Case sensitive!

  8. IdP X.509 Certificate

    This can be found in the HelloID Metadata provided and should not be provided separately.

    Visma should get this from the HelloID Metadata.

Finishing Up

The Visma application has now been added to HelloID, and a trust has been configured between Visma and HelloID. You are now free to assign the application to users within your organization and begin testing it and using it. You can learn more about managing applications and assigning permissions here.

In this section: