Skip to main content

HelloID

Magister OpenID application setup
Introduction

This article demonstrates how to set up Magister for single sign-on. The configuration takes place in HelloID and requires you to send information to Magister.

Use these instructions for the production environment.

Requirements
  • HelloID environment

  • Magister environment

Create or import a certificate

If there is no certificate yet, you must create or import one. For this tutorial, we will create a self-signed certificate. Name it MagisterSelfSigned.

Application setup
Add the Magister application
  1. Add a new application.

  2. Find the template for Magister 6 (OpenID Connect).

  3. Select its Add button.

Magister_search.png
General tab

Change the following settings:

  • Default Login URL

    Replace with your Magister environment URL. For example: https://{customer}.magister.net/.

Magister_general_tab.png

Select the Next button.

Single Sign-On tab

Change the following settings:

  1. SecretAccept the default value, or optionally, enter a custom secret. If you use a custom value, we suggest a string of at least 52 characters.

  2. Signing CertificateSelect the MagisterSelfSigned certificate that you previously imported or created.

  3. Redirect URIIf you are connecting to a test environment, add a second Redirect URI for the test environment. This value is case sensitive.

Magister_sso_tab.png

Select the Next button.

Self Service tab

Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.

Magister_selfservice_tab.png

Select the Next button.

Finish tab

Select the Save button to add the Magister application to HelloID.

Additional configuration
Mapping

By default, the user's HelloID {{user.userattributes.userPrincipalName}} attribute is sent as the unique identifier (UPN). If you wish to use another attribute, see Mapping - Overview.

Supplier-side configuration

The HelloID side of the configuration is now finished.

To connect, Magister needs to add the connection on their side. Contact Magister to request this.

Send them the following information:

  • Discovery document

  • Client ID

  • Client Secret

Discovery document
  1. Go to the Applications overview.

  2. Select the Edit link for the newly-added Magister application.

  3. Right-click the View discovery document button

  4. Select Copy link. It will resemble: https://enyoi.helloid.com/oauth2/v2/e6e741f5-a469-4849-93f7-fe2e259a339f/.well-known/openid-configuration/.

    discover_document_copy_link.png
Client ID & Secret
  1. Edit the newly-added Magister application.

  2. Go to its Configuration tab.

  3. Copy the Client ID value.

  4. Select the "eye" button to reveal the Secret, and copy the value.

client_id_secret.png
Finish up

The Magister application has been added to HelloID, and a trust has been configured between Magister and HelloID. You are now free to test the application and assign it to users within your organization. See Applications - Overview and its related articles for more information.

User identities in Magister

To complete the SSO setup for Magister users, you must link each Magister user account to the UserPrincipalName of the users in your organization.