Skip to main content

HelloID

SignRequest SAML application setup
Introduction

This article demonstrates how to set up HelloID and SignRequest for single sign-on using the SAML protocol. The configuration takes place in HelloID and requires you to send information to SignRequest.

Requirements

  • HelloID environment

  • SignRequest environment

Create or import a certificate

If there is no certificate yet, a certificate must be imported or created. For this tutorial, we will use a self-signed certificate. Create one before proceeding and name it SignRequestSelfSigned.

Application setup
Add the SignRequest application

Go to Applications > Applications and select the Open application catalog button. Find the template for SignRequest (SAML) and select its Add button. Learn more about managing applications here.

mceclip0.png
General tab

On the General tab, replace the Default Login URL with your SignRequest ACS login URL. This is in the format https://signrequest.com/user/social/login/saml/?next=%2F&idp={customer}.

mceclip1.png

Select the Next button.

Single Sign-on tab

On the Single Sign-On tab, perform the following steps:

  1. Name ID format

    username

  2. Issuer

    Your HelloID portal URL, e.g., https://enyoi.helloid.com

  3. Endpoint/ACS URL

    Your SignRequest endpoint URL, e.g., https://signrequest.com/user/social/complete/saml/

  4. ACS validation list

    Your SignRequest endpoint URL, e.g., https://signrequest.com/user/social/complete/saml/

  5. BindingHTTP-POST

  6. RelayState

    The RelayState value which you received from SignRequest

  7. Sign Response

    On

  8. X509 Certificate

    SignRequestSelfSigned

  9. Overwrite Audience

    On

  10. Extra Audience

    Your SignRequest metadata URL, e.g. https://signrequest.com/user/auth/saml/metadata/{customer}/

mceclip2.png

Select the Next button.

Self service tab

On the Self Service tab, choose whether to generate a Self Service product, which makes the application requestable. Optionally, choose a group to control access to the application.

mceclip5.png

Select the Next button.

Finish tab

On the Finish tab, select the Save button to add the SignRequest application to HelloID.

mceclip3.png
Supplier-side configuration

The HelloID side of the configuration is now finished, but SignRequest needs to add the connection on their side.

Note that they will need the Metadata URL. To retrieve this value, go to Applications > Applications. Locate your newly-added SignRequest application and select its Edit link. Right-click the Download metadata button and select Copy link address. This will be in the format https://{customer}.helloid.com/metadata/download?ApplicationGUID={guid}

mceclip0.png

Send this value to SignRequest and request that they complete the connection.

Finish up

The SignRequest application has been added to HelloID, and a trust has been configured between SignRequest and HelloID. You are now free to assign the application to users within your organization and begin testing it and using it. See Applications - Overview and its related articles for more information.

In this section: