Configuring SAML for Single Sign On (SSO)

Helpy Pro supports several strategies for SSO, which you can use to authenticate users against a central source, thus removing the need for them to establish and remember a password specific to Helpy.

Setting up SAML SSO on Helpy Pro is fairly straightforward, and requires you to add a number of configurations to a file on each server that is running Helpy. You then associate that file with your Helpy instance by referencing it in and environment variable. involves creating some keys, adding a configuration file (oauth.yml) somewhere on your server instance, and providing the required values to connect to your Identity provider (IdP).

1. Create public-private key pair for SAML configuration.  This should be a unique key-pair that is not used anywhere else.

openssl genrsa -out idp.pem 2048<br>
openssl req -new -x509 -sha256 -key idp.pem -out idp.crt -days 1095

2. Create the file oauth.yml somewhere on your server(s).  Add the contents of your idp.crt to the line idp_cert.  A sample file you can modify and use is here:

3. Configure your IdP to trust the SP (Helpy). You can upload the Helpy metadata file from the following URL:

4. Associate your config file with your Helpy instance by setting the AUTH_FILE environment variable to the path to the file

sudo helpy config:set AUTH_FILE=/path/to/oauth.yml

5. Restart your server

sudo helpy restart

Did this solve your problem?