Introduction
This article demonstrates how to set up HelloID and AMiSconnect for single sign-on using the OpenID Connect protocol. The configuration takes place in HelloID and requires you to send information to Alphatron Medical.
Requirements
- HelloID environment
- AMiSconnect environment
Create or import a certificate
If there is no certificate yet, you must create or import one. For this tutorial, we will create a self-signed certificate. Name it AMiSconnectSelfSigned.
Application setup
Add the AMiSconnect application
- Add a new application.
- Find the template for AMiSconnect (SAML).
- Select its Add button.
General tab
Change the following settings:
- Default Login URL: https://amissolutions.com/nl/
Select the Next button.
Single Sign-On tab
Change the following settings:
- Secret: Accept the default value, or optionally, enter a custom secret. If you use a custom value, we suggest a string of at least 52 characters with uppercase characters, lowercase characters, and numbers. The secret cannot contain special characters.
- Signing Certificate: Select the AMiSconnectSelfSigned certificate that you previously imported or created.
- Redirect URI: Enter the Redirect URI provided by Alphatron Medical. For example: https://{customerURL}/auth/realms/amisconnect/broker/{customer}/endpoint
- Send group membership claim: Turn on
Select the Next button.
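One way to produce a custom Secret that fits the guidance above, as an added example (not HelloID or Alphatron Medical code). The function names are hypothetical, and the accepted character set A-Z, a-z, 0-9 is an assumption drawn from the "no special characters" rule.

```python
import secrets
import string

# Constraints taken from the Secret setting described above.
MIN_LENGTH = 52
# Assumption: "no special characters" means only A-Z, a-z and 0-9 are accepted.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits


def check_secret(secret: str, min_length: int = MIN_LENGTH) -> list[str]:
    """Return a list of problems; an empty list means the secret fits the guidance."""
    problems = []
    if len(secret) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if any(ch not in ALPHABET for ch in secret):
        problems.append("contains characters other than A-Z, a-z, 0-9")
    if not any(ch in string.ascii_uppercase for ch in secret):
        problems.append("no uppercase character")
    if not any(ch in string.ascii_lowercase for ch in secret):
        problems.append("no lowercase character")
    if not any(ch in string.digits for ch in secret):
        problems.append("no digit")
    return problems


def generate_secret(length: int = MIN_LENGTH) -> str:
    """Draw a secret from the OS CSPRNG, retrying until all three classes appear."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets.choice uses the operating system's cryptographic RNG.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting and redrawing keeps the result uniform over valid secrets.
        if not check_secret(candidate, length):
            return candidate


if __name__ == "__main__":
    # Paste the printed value into the Secret field.
    print(generate_secret())
```

`check_secret` can also be run against a value someone typed by hand before it is saved in HelloID.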
Self Service tab
Optionally, generate a Self Service product, which makes the application requestable. Select a group which will have access to the product.
Select the Next button.
Finish tab
Select the Save button to add the AMiSconnect application to HelloID.
Additional configuration
Mapping
By default, the user's HelloID {{user.userguid}} attribute is sent as the unique identifier (UPN). If you wish to use another attribute, see Mapping - Overview.
Supplier-side configuration
The HelloID side of the configuration is now finished.
To connect, Alphatron Medical needs to add the connection on their side. Contact Alphatron Medical to request this.
Send them the following information:
- Client ID
- Client Secret
- Discovery document URL
After Alphatron Medical sets up the connection, the single sign-on configuration is complete and can be tested.
Client ID & Secret
- Edit the newly-added AMiSconnect application.
- Go to its Configuration tab.
- Copy the Client ID value.
- Select the "eye" button to reveal the Secret, and copy the value.
Discovery document
- Edit the newly-added AMiSconnect application.
- Right-click the View discovery document button.
- Select Copy link. It will resemble: https://enyoi.helloid.com/oauth2/v2/e6e741f5-a469-4849-93f7-fe2e259a339f/.well-known/openid-configuration/