Depending on your implementation you can have multiple SSO configurations to Ortec.
This manual shows you how to set up SSO to the Ortec Hosting Portal. If you use Ortec WS Cloud, you will need a separate configuration for the Ortec WS Cloud websites.
- HelloID environment
- Ortec servicedesk credentials
Create or import a certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Add the Ortec Hosting Portal application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Ortec". Find the SAML template, and click Add. Learn more about managing applications here.
On the General tab, enter your Ortec SSO URL as the default login URL. Optionally, you may also add a description. Click Next.
Single Sign-on tab
On the Single Sign-On tab, perform the following steps:
- Change the Issuer to your portal name.
- Change the Endpoint URL to your onortec.com URL. Note that your customer URL appears twice in the URL.
- Select or deselect the Validate and use ACS request URL option, depending on the Ortec environment settings.
  By default this is enabled; disabling this option poses a security risk.
- Change the ACS validation list to your onortec.com URL. Note that your customer URL appears twice in the URL. There might be more than one URL in this list.
- Change the SP-initiated URL to your onortec.com URL. This is the page you are directed to when you click the Ortec application tile in the HelloID portal.
- Keep the Overwrite Audience selected.
- Change the Extra audience to your onortec.com URL. Note that your customer URL appears twice in the URL.
- In the X509 Certificate dropdown, select the certificate that you created or imported previously.
- Click Next.
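To show what the Validate and use ACS request URL option and the ACS validation list protect against, here is an added example (not HelloID or Ortec code) of the generic SAML check: the AssertionConsumerServiceURL in an incoming AuthnRequest is accepted only on an exact match with an allow-list. The URL, `build_request` and `acs_decision` are constructed placeholders, and the HTTP-Redirect binding is assumed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # cap on inflated size, guards against deflate bombs

# Constructed placeholder standing in for the "ACS validation list" field.
ACS_VALIDATION_LIST = frozenset({"https://portal.customer.example/saml/acs"})


def build_request(acs_url: str) -> str:
    """Constructed sample: a minimal AuthnRequest in HTTP-Redirect encoding."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
           f'Version="2.0" AssertionConsumerServiceURL="{acs_url}"/>').encode()
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    return base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()


def acs_decision(saml_request: str) -> tuple[bool, str]:
    """Return (allowed, reason or ACS URL) for one SAMLRequest parameter value."""
    try:
        raw = base64.b64decode(saml_request, validate=True)
        xml = zlib.decompressobj(wbits=-15).decompress(raw, MAX_XML_BYTES)
        if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
            return False, "DTD not allowed"
        root = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError):
        return False, "malformed request"
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return False, "not an AuthnRequest"
    acs = root.get("AssertionConsumerServiceURL")
    if acs is None:
        return False, "no ACS URL in request"
    # Exact string comparison: prefix or substring matching would let a
    # look-alike host through.
    if acs not in ACS_VALIDATION_LIST:
        return False, "ACS URL not in validation list"
    return True, acs


if __name__ == "__main__":
    for url in ("https://portal.customer.example/saml/acs",
                "https://portal.customer.example.other.example/saml/acs"):
        print(url, "->", acs_decision(build_request(url)))
```

Without such a check, the signed SAML response is delivered to whatever URL the request names, which is why every entry in the ACS validation list should be a complete, exact URL.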
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
On the Finish tab, click Save to add the application to HelloID.
After saving the Ortec Hosting Portal application, click its Edit link on the applications overview. This will bring you to its properties page.
Right-click Download metadata at the top right of the screen and copy the URL for later use in Ortec.
After saving the Ortec Hosting Portal application, click its Edit link on the applications overview. This will bring you to its properties page. You can now edit the Mapping Set on the configuration tab.
Press the Change mappings button of the SAML user.
In most implementations the sAMAccountName is used. In this case we need to add an identifier to the Login name. This identifier will be supplied by Ortec in the next step. We can add this prefix as shown in the screenshot.
- Create a ticket in the portal of the ORTEC servicedesk (via customer.ortec.com) with the title “Request for SSO on ORTEC-HOSTING Portal”.
- Add the following information to the ticket:
  - A list of users that need access to OWS during the testing phase. For these users, make sure to add the following information:
    - Full name
    - Email address
  - For every user, mention which ORTEC applications the user needs access to. Consider the following 4 applications:
    - ORTEC WS Client Production environment
    - ORTEC WS Client Test environment
    - Accesscontrol website production environment
    - Accesscontrol website test environment
- The request will be processed by ORTEC and the ticket will be updated with two types of information. These need to be communicated to HelloID:
  - Metadata URL
  - Three-letter abbreviation (customer-specific code)
- When this information is added to the request, the status of the request will change to Waiting for information. The information that you need to supply is the metadata URL, which you copied from the previous steps. When Ortec has received this URL, add it to the request and re-open the ticket.