Ortec Hosting Portal SAML application setup
Introduction
Depending on your implementation you can have multiple SSO configurations to Ortec.
This manual shows you how to set up SSO to the Ortec Hosting Portal. If you use Ortec WS Cloud, you will need a separate configuration for the Ortec WS Cloud websites.
Requirements:
HelloID environment
Ortec servicedesk credentials
Create or import a certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Application setup
Add the Ortec Hosting Portal application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Ortec". Find the SAML template, and click Add. Learn more about managing applications here.
General tab
On the General tab, fill the default login URL with your Ortec SSO URL. Optionally, you may also add a description. Click Next.
Single Sign-on tab
On the Single Sign-On tab, perform the following steps:
Change the Issuer to your portal name.
Change the Endpoint URL to your onortec.com URL. Note that your customer URL appears twice in the URL.
Select or deselect the Validate and use ACS request URL option, depending on the Ortec environment settings.
This option is enabled by default. Disabling it poses a security risk.
Change the ACS validation list to your onortec.com URL. Note that your customer URL appears twice in the URL. There might be more than one URL in this list.
Change the SP-initiated URL to your onortec.com URL. This is the page you are directed to when you click the Ortec application tile in the HelloID portal.
Keep the Overwrite Audience selected.
Change the Extra audience to your onortec.com URL. Note that your customer URL appears twice in the URL.
In the X509 Certificate dropdown, select the certificate that you created or imported previously.
Click Next.
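The ACS validation list configured above is an allowlist for the AssertionConsumerServiceURL that a SAML AuthnRequest may carry. The following Python sketch is an added illustration of that kind of check, not HelloID or Ortec code; the URLs, the sample requests and the function names are constructed for the example.

```python
import xml.etree.ElementTree as ET
from typing import Optional

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed stand-ins for the Endpoint URL and the ACS validation list.
DEFAULT_ACS = "https://portal.customer.example/saml/acs"
ACS_VALIDATION_LIST = frozenset({
    "https://portal.customer.example/saml/acs",
    "https://portal-test.customer.example/saml/acs",
})


def requested_acs(authn_request_xml: str) -> Optional[str]:
    """Return the AssertionConsumerServiceURL of an AuthnRequest, or None."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("AssertionConsumerServiceURL")


def response_destination(authn_request_xml: str) -> str:
    """Pick the URL the SAML response is posted to, or refuse."""
    acs = requested_acs(authn_request_xml)
    if acs is None:
        return DEFAULT_ACS  # request names no ACS: use the configured endpoint
    # Exact string match only. Prefix or substring matching would accept
    # look-alike hosts, other schemes and extra path segments.
    if acs not in ACS_VALIDATION_LIST:
        raise PermissionError(f"ACS URL not in validation list: {acs!r}")
    return acs


def sample_request(acs: Optional[str]) -> str:
    """Build a constructed, unsigned AuthnRequest for the demo."""
    attr = f' AssertionConsumerServiceURL="{acs}"' if acs else ""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" '
            f'ID="_constructed-1" Version="2.0"{attr}/>')


if __name__ == "__main__":
    for url in (None, "https://portal-test.customer.example/saml/acs",
                "https://portal.customer.example.lookalike.example/saml/acs",
                "http://portal.customer.example/saml/acs"):
        try:
            print("post to", response_destination(sample_request(url)))
        except PermissionError as exc:
            print("rejected:", exc)
```

Without such a check, the signed response would be posted to whatever URL the request names, which is why every ACS URL the Ortec environment uses must be on the list exactly as it is sent.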
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
On the Finish tab, click Save to add the application to HelloID.
Application metadata
After saving the Ortec Hosting Portal application, click its Edit link on the applications overview. This will bring you to its properties page.
Right-click Download metadata at the top right of the screen and copy the URL for later use in Ortec.
Mapping set
After saving the Ortec Hosting Portal application, click its Edit link on the applications overview. This will bring you to its properties page. You can now edit the Mapping Set on the configuration tab.
Press the Change mappings button of the SAML user.
In most implementations the sAMAccountName is used. In this case we need to add an identifier to the Login name. This identifier will be supplied by Ortec in the next step. We can add this prefix as shown in the screenshot.
Request SAML
Create a ticket in the portal of the ORTEC servicedesk (via customer.ortec.com) with the title “Request for SSO on ORTEC-HOSTING Portal”.
Add the following information to the ticket:
A list of users that need access to OWS during the testing phase. For these users, make sure to add the following information:
Full name
Email address
Username
For every user, mention for which ORTEC applications the user needs access. Consider the following 4 applications:
ORTEC WS Client Production environment
ORTEC WS Client Test environment
Accesscontrol website production environment
Accesscontrol website test environment
The request will be processed by ORTEC and the ticket will be updated with two types of information. These need to be communicated to HelloID:
Metadata URL
Three letter abbreviation (customer specific code)
When this information is added to the request, the status of the request will change to Waiting for information. The information that you need to supply is the metadata URL, which you copied from the previous steps. When Ortec has received this URL, add it to the request and re-open the ticket.