Hello and welcome to this HelloID Access Management product release video for March 2020.
HelloID Access Management is a cloud-based solution to control who has access to your business applications. By offering Single Sign On, access is made easier for the end user. HelloID also offers a wide integration with many two- and multi-factor devices, like YubiKey, soft token, OAuth tokens, SMS, RADIUS, and many more. HelloID is a good alternative for ADFS, Okta, OneLogin and Azure P1 license.
In this video I’d first like to start with a PowerPoint presentation and then demo the new functionalities.
In this release we have one major change, which is that we now have a better integration with Azure Active Directory. I’d like to explain this a little bit, because it’s rather technical, with a diagram in the PowerPoint. So this is a common setup: you have HelloID as the IDP and then you have multiple applications connected on an SSO basis to HelloID.
Then you can set Azure AD as the IDP for HelloID, also a common setup, and that’s based on SAML, which was already available in earlier versions.
Then you can also add apps on an SSO basis to Azure AD. This is a common approach and it will work too with authentication issues. If you log into HelloID you have SSO for these apps, but also for these apps if you log in to Azure AD, and if you go to one of these apps it will work too, as long as the SAML integration is available.
So, now something new occurs. Suppose that this app here, which is connected to HelloID, wants to retrieve more detailed information from this app; suppose this is SharePoint Online or Office 365 email. For example, it wants to show the latest received emails or the activity of project teams an employee is working on. A common approach for this is that the app uses the Graph API to retrieve this kind of information.
This is now the issue: as long as you use the SAML integration, the Graph API won’t work, so you need a more sophisticated token to retrieve that information. This token is based on OpenID Connect, OIDC in short.
OpenID Connect integration is what we have added in this new release, and now you can pass the token attributes to HelloID connected apps. I will show you in the software where you can find that.
So now you can put additional mapping attributes in this SSO connection to the app. Important to know is that the app software needs to be modified to pass the extra onbehalf token attributes to the Graph API. With the onbehalf token the app can authenticate with the Graph API and retrieve all required information.
Added an extra IDP
So we have added an extra IDP, so let me go to the authentication section in Security, identity providers, and this one is new. So it’s also available in the catalogue; this SAML based one was already available and this one is new. Here is the configuration in more detail. I will not explain how this works in this video because it will be too technical. Of course, detailed documentation is available to do the configuration yourself.
So this is the IDP section. You also have a modification to the mapping to the target application, so let me go to an application. So now I have this application, and in the configuration of the mapping set you have two new options: the onbehalf token and the onbehalf token refresh. This is what we have added in this release: a tighter integration with Azure AD in combination with the Graph API.
This is the end of this video. Thank you for your time and attention.
Please let us know if you have any additional questions. You can post your question on YouTube or send it to email@example.com. Please subscribe to our channel to receive frequent updates about improvements and changes in HelloID.
For now, have a wonderful day.