Skip to main content

HelloID

SmartDocuments SAML application setup
Introduction

This article demonstrates how to set up HelloID and SmartDocuments for single sign-on using the SAML protocol. The configuration takes place in HelloID and requires you to send information to SmartDocuments.

Requirements
  • HelloID environment

  • SmartDocuments environment

Create or import a certificate

If there is no certificate yet, you must create or import one. For this tutorial, we will create a self-signed certificate. Name it SmartDocumentsSelfSigned.

Application setup
Add the SmartDocuments application
  1. Add a new application.

  2. Find the template for SmartDocuments (SAML).

  3. Select its Add button.

mceclip0.png
General tab

Change the following settings:

  • Default Login URL

    Replace with your Magister environment URL. For example: https://{customerURI}/smartdocuments/saml/SSO.

mceclip1.png

Select the Next button.

Single Sign-On tab

Change the following settings:

  • Issuer

    Enter your HelloID domain in the format https://{customer}.helloid.com.

  • Endpoint/ACS URL

    Enter your SmartDocuments SSO URL (provided by SmartDocuments), in the format https://{customerURI}/smartdocuments/saml/SSO

  • Validate and use ACS request URL

    Turn off

  • ACS validation list

    Enter your SmartDocuments SSO URL (provided by SmartDocuments), in the format https://{customerURI}/smartdocuments/saml/SSO

  • X509 Certificate

    Select the SmartDocumentsSelfSigned certificate that you previously imported or created.

  • Extra audience(s)

    Enter the the entityID from your SmartDocuments metadata, in the format https://{customerURI}/smartdocuments

mceclip2.png

Select the Next button.

Self Service tab

Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.

Select the Next button.

Finish tab

Select the Save button to add the SmartDocuments application to HelloID.

Additional configuration
Mapping

By default, the user's HelloID {{user.contactEmail}} attribute is sent as the NameID, which is used as the unique identifier. This assumes that the user's email address in HelloID matches the email address in SmartDocuments. If you want to use another attribute, see Mapping - Overview.

Supplier-side configuration

The HelloID side of the configuration is now finished.

To connect, SmartDocuments needs to add the connection on their side. Contact SmartDocuments to request this. This may incur additional costs.

Send them the following information:

  • Metadata URL

  • Dynamic metadata URL

Metadata URL
  1. Go to the Applications overview.

  2. Select the Edit link for the newly-added SmartDocuments application.

  3. Right-click the Download metadata button

  4. Select Copy link address. It will resemble: https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f.

    mceclip0.png
Dynamic metadata URL

Replace download with index in the metadata URL to create the dynamic metadata URL. For example: https://enyoi.helloid.com/metadata/download?ApplicationGUID=e6e741f5-a469-4849-93f7-fe2e259a339f

Finish up

The SmartDocuments application has been added to HelloID, and a trust has been configured between SmartDocuments and HelloID. You are now free to test the application and assign it to users within your organization. See Applications - Overview and its related articles for more information.