Introduction
An application shortcut appears alongside applications in the HelloID end user dashboard, but goes directly to a URL without sending any SSO data. This can be useful in certain situations.
This article will demonstrate how and when to use an application shortcut.
Add an application shortcut
- Go to Applications > Applications. Select the Open application catalog button.
- Select the Generic link. Select the Add button for Generic Shortcut.
- On the General tab, fill out the following fields:
  - Display Name: The name of the shortcut, which appears on the admin and end user dashboards.
  - Default Login URL: The URL that the shortcut redirects to. Required.
  - Description: A description of the shortcut. Optional.
  - Change Icon: An icon for the shortcut. Optional.
  - Enabled: When turned off, the shortcut will not appear on the end user dashboard.
- The Self Service tab contains the following fields:
  - Generate self service product: Automatically create a Self Service Product with which users can request access to this application shortcut. The Group specified below is granted access to the shortcut. Then, whenever a user's request is approved, the user is added to the group, thus granting them access to the shortcut. This happens via an action attached to the self service product.
  - Group: The group by which the self service product will grant access to this application shortcut. Select an existing group, or select Generate Group to automatically create a new group for this purpose.
- On the Finish tab, select the Save button.
- The new shortcut appears in the Applications Overview. It can now be managed like a regular application.
- Optionally, turn on the Hide Application toggle on the General tab of the application that the shortcut points to. On its Groups tab, make sure the application is available to the default Users group. This ensures that SP-initiated authentication (see below) will succeed regardless of which group(s) a user is in.
Use cases for application shortcuts
Avoid an infinite redirect loop in an SP-initiated SAML app
In some cases, an SP-initiated HelloID SAML application can enter an infinite redirect loop. For example, this may occur when an app points to www.acme.com/saml, which then sends an SP-initiated authentication request back to the HelloID application URL, which then contacts www.acme.com/saml, ad infinitum.
You can solve this as follows:
- On the Applications tab of the end user dashboard, right-click the affected SAML application to retrieve its URL.
- Hide the affected SAML application by turning on the Hide Application toggle on its General tab, as described in the above section Add an application shortcut.
- Add an application shortcut whose Default Login URL is set to www.acme.com. In this case, www.acme.com must independently send an SP-initiated authentication request to the hidden SAML app's URL, which you retrieved in step 1.
In this way, the hidden SAML app is indirectly triggered to send the necessary information to www.acme.com/saml. Once the authentication request has finished, the user is redirected to www.acme.com by the application shortcut's Default Login URL. An endless loop is avoided.
Share settings across test and production environments
Some SAML and OIDC applications have both test and production environments. Typically they share the same SSO settings, and whenever the production environment's SSO settings are updated, they are automatically copied to (i.e., overwritten in) the test environment. In this case, having separate HelloID applications for the test and production environments will require you to update both applications any time the SSO settings change on the service provider's side.
You can eliminate this duplication of effort by adding the production environment as a normal application, but adding the corresponding test environment as a shortcut. In this way, you won't have to separately update two applications.
Examples: Lablecare, Nedap ONS
Share settings across multiple endpoints
Some applications have several sub-applications, or "endpoints". Instead of sending users directly to the main application, you can hide it and instead create a separate shortcut for each endpoint that goes to an SP-initiated URL. In this way, each shortcut will be (indirectly) routed through the hidden application, which stores a single, centralized configuration and mapping set. This is more convenient for users, and simpler to manage on the admin side.
Examples: PowerSchool, Houghton Mifflin Harcourt
Hide Plugin Not Installed Warning
In certain situations involving application shortcuts, you may want to hide installation reminders for the HelloID browser plugin. Do so using the Hide Plugin Not Installed Warning toggle on the Advanced tab of the Company settings.