This manual shows how to make an OpenID connection to Nedap. The configuration takes place in HelloID and through a support request to Nedap.
- HelloID environment
- Nedap environment
Create or Import a Certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Add the Nedap Application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalogue and search for "Nedap". Find the OpenID template, and click Add. Learn more about managing applications here.
On the General tab, replace the customer name (klantnaam) in the Default Login URL field. Optionally, you may also add a description. Click Next.
On the Single Sign-On tab, perform the following steps:
- Provide a value in the Secret field. This can be any value that you want. Make note of it, as you will need to supply it to Nedap support later on.
- For the Security Algorithm field, select "rsa-sha256", unless otherwise instructed by Nedap support.
- In the Signing Certificate dropdown, select the certificate that you created or imported previously.
- For Grant Type, verify that "authorization_code" is selected.
- At the Redirect Uri, you'll see a pre-provided URL, this is the same for every Nedap environment. Therefore this attribute has a fixed value.
- Click Next.
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
On the Finish tab, click Save to add the application to HelloID.
After adding the Nedap application, click its Edit link on the applications overview. This will bring you to its properties page. Click View discovery document at the right top of the screen.
This document contains all the information we will need to send to Nedap. Copy it to a program like Notepad for use later on.
Back in HelloID, click on the Configuration tab, and then click Configure Mapping Set. When prompted to leave the page, click Proceed.
Click on the Change Mappings link for the User object. Click the Add mapping link and then provide an additional mapping for the HelloID user's sAMAccountName to the employee_number attribute in Nedap. Your mapping should look like the screenshot below:
Click Close and then click Save. The configuration of the HelloID application is finished.
In order to make the connection, Nedap support needs to add the connection on their side. Go to the Nedap TOPdesk portal https://nedap-healthcare.topdesk.net/tas/public/login/form and click the tile SSO AANVRAGEN.
Fill the form with all the information from the discovery document:
Click Submit and await a reaction from Nedap.
Test the application
After Nedap confirms that the connection has been made on their side, the application is all set for use. It’s time to test the application. Navigate to the HelloID User Dashboard and click on the newly created Nedap application. You should then be authenticated into the Nedap system with no other prompts for credentials.