Introduction
This article demonstrates how to set up Lablecare for single sign-on. The configuration takes place in HelloID and requires you to send information to Lablecare.
Use these instructions for the production environment. We recommend setting up the test/preview environments as Shortcuts.
Requirements
- HelloID environment
- Lablecare environment
Create or import a certificate
If there is no certificate yet, you must create or import one. For this tutorial, we will create a self-signed certificate. Name it LablecareSelfSigned
.
Application setup
Add the Lablecare application
- Add a new application.
- Find the template for Lablecare (SAML).
- Select its Add button.
General tab
Change the following settings:
- Default Login URL
Replace with your Lablecare environment URL. For example:https://{customer}.lablecare.nl
.
Select the Next button.
Single Sign-On tab
Change the following settings:
- Issuer
Enter your HelloID domain in the formathttps://{customer}.helloid.com
. - Endpoint URL
Enter your Lablecare environment URL in the formathttps://{customer}.lablecare.nl
. - Validate and use ACS request URL
Turn on. - ACS validation list
Enter your Lablecare environment's AssertionConsumerService URL. This can be obtained from Lablecare or found in the Lablecare metadata file. This URL is case sensitive. - X509 Certificate
Select theLablecareSelfSigned
certificate that you previously imported or created. - Extra audience
Enter the Audience URI provided by Lablecare. In most cases this matches the URL entered for ACS validation list. This URL is case sensitive.
Select the Next button.
Self Service tab
Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.
Select the Next button.
Finish tab
Select the Save button to add the Lablecare application to HelloID.
Additional configuration
Mapping
By default, the user's HelloID {{user.attributes.userPrincipalName}}
attribute is sent as the SAML NameID. If you wish to use another attribute, see Mapping - Overview.
Supplier-side configuration
The HelloID side of the configuration is now finished.
To connect, Lablecare needs to add the connection on their side. Contact Lablecare to request this.
Send them the following information:
- Metadata URL
Metadata URL
- Go to the Applications overview.
- Select the Edit link for the newly-added Lablecare application.
- Right-click the Download metadata button
- Select Copy link address. It will resemble:
https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f
.
Finish up
The Lablecare application has been added to HelloID, and a trust has been configured between Lablecare and HelloID. You are now free to test the application and assign it to users within your organization. See Applications - Overview and its related articles for more information.