Access Management: Configuring SSO via the Application Catalog
The Access Management module of Tools4ever’s HelloID identity and access management (IAM) solution makes it easy to grant users access to all systems and applications they need through Single Sign-On (SSO). This is beneficial, since they have fewer passwords to remember and users gain fast and efficient access to the resources they need. Configuring SSO is very simple thanks to our application catalog. This article explains more.
What is SSO?
Using strong and unique passwords is essential for optimal digital security. However, anyone working with many different applications and systems must manage a broad range of login credentials. Logging in with different credentials not only takes time, but also increases the risk that users forget passwords.
SSO addresses this challenge. With this authentication method, users sign in once to access multiple applications and systems. They gain fast and efficient access to the digital resources they need. It also removes the need to remember numerous credentials, encourages the use of strong passwords, reduces service desk load, and optimizes productivity.
How do you configure SSO?
You determine which applications and systems you provide access to through SSO, which is very simple thanks to our application catalog. The catalog lists a large number of applications that HelloID integrates with. You can add these applications to the IAM solution’s SSO dashboard in a few simple steps.
Almost all applications use an SSL certificate for SSO to sign and optionally encrypt message traffic. You always start by creating or importing an SSL certificate within HelloID.
The next steps can differ per application. Some applications require specific steps to be added. Therefore consult our documentation site and follow the steps described in the documentation.
If there are no specific steps for the application you want to add, you can always follow several basic steps. In this case, locate the application in the catalog, assign an appropriate name, and adjust the icon if desired. Then enter the endpoint URL and issuer. In many cases these fields are already populated in HelloID. In some situations you need to supplement this information with your own environment name, while in other situations it is a fixed value. If the fields are not filled in, request the information from the application vendor.
It is also important that HelloID can map the correct user to the correct username in the application you want to add. The IAM solution uses a claim for this. In most cases this is an email address. Note: always verify that the selected claim is actually known in the application you are connecting to. If not, this can result in errors or the unintended creation of new user accounts.
The final step is to provide the metadata, or in the case of OpenID Connect the 'well-known configuration', to the application vendor. Some applications allow you to create this connection yourself from their admin console. If this is not possible, provide the metadata to the application vendor manually.
Testing the connection
Before you put the connection into production, it is important to test it thoroughly. If possible, agree with the application vendor to deploy the connection in a test environment first. This allows you to validate the integration and prepare any documentation before you make the SSO connection available to users.
Also communicate clearly and in a timely manner with end users about the rollout of the SSO connection. This is important, since in most cases applications no longer offer other login methods after SSO is enabled and users can only sign in through SSO. Users must be well informed about the transition to prevent workflow interruptions. All application users must also exist in HelloID so that they have access to the IAM solution’s SSO dashboard.
What if an application is not available?
If an application is not available in our application catalog, that does not mean an SSO integration is impossible. In most cases you can have Tools4ever develop this integration for you. If you submit a request, we will contact the application vendor and, in consultation, develop both the application template and documentation. After delivery, we add the application to the application catalog. We use a fixed price per application.
Get started
Ready to get started with HelloID Access Management? Visit our website for more information about the capabilities. Do you have questions? Contact us! Our experts are ready to help!