Enable SSO for HelpJuice

Purpose

Helpjuice offers single sign-on via SAML integration with Practice Protect. This provides a seamless login experience to the helpjuice platform using IdP-initiated SSO.

Practice Protect will configure this on your behalf. Please send us an email at [email protected]

Prerequisites

• Must have the paid version of the app (from Starter to Unlimited)
• Active Helpjuice account with Super Administrator rights for your organization to access the SSO settings (Note: this can be your account so you don’t have to pay and create another license account)
• Admin Access to Practice Protect
• The username/Email for staff should match the login names in Practice Protect.

Instructions

1. Login to your Practice Protect and switch to the Admin portal (ex. domain.id.cyberark. cloud)
2. On Core Services, Click on Roles > Add Roles. Create a role and set the name field to Helpjuice SSO Users. Then Save.
3. With the created role, click on Members > Add. Add each user that will have access to the app. Then Save.
4. From the Apps & Widgets, go to the Web Apps section. Then, choose Add Web Apps in the top right corner.
5. Search for Helpjuice then click Add on Helpjuice (SAML). Click Yes.
6. Set the Name as Helpjuice SSO. You can also set the category and logo
7. Hit Save.
8. Go to Trust > under Identity Provider Configuration and select Metadata. Copy the Identity URL from the Identity Provider URL that issues the SAML2 security token.
9. Copy the Thumbprint from the Signing certificate. Keep this information as this will be used on Helpjuice SSO settings.
10. Click on Copy XML. Keep this as well.
11. Proceed to Service Provider Configuration and select Manual Configuration.
    
12. On the SP Entity ID / SP Issures / Audience, fill it in with helpjuice.com
13. For the Assertion Consumer Service (ACS) URL, enter https://helpjuice.com/sso/YOURSUBDOMAIN
14. Leave the rest of the settings and hit Save. Note: If you wish to set a custom landing page, you can add a page on the Relay State field.
15. Go to Permissions. Add the role we created earlier to the permissions page (e.g. Helpjuice SSO Users) and click Save.
16. Login to Helpjuice using the Super Admin account.
17. (OPTIONAL) Go to Users and click Export Users > Export CSV. This is good for reviewing and backing up the list of users along with the group, roles, and job titles.
18. Click on your profile icon in the bottom left corner and choose Settings.
19. Click SSO (SAML) under Authentication.
20. Setup the following details:
    • SSO Domain: Enter the domain for your organization/firm (e.g. mydomain.com.au). This is the domain you are using to log in to Helpjuice
    • SSO Company: Enter the domain you set up with Helpjuice. The SSO Company field should contain your subdomain. For example: mydomain.helpjuice.com, the subdomain is mydomain
    • Identity Provider URL: Paste the URL you copied from Step 8.
    • Logout URL: Set this as a blank field
    • Fingerprint: Paste the thumbprint you copied from Step 9.
    • IDP Metadata (XML): Pate the XML you copied from Step 10.
21. Proceed to the Attributes section and set it to the following:
    • SSO Email Field – mail
    • SSO First Name Field – Set this as a blank field
    • SSO Last Name Field – Set this as a blank field
    • SSO Group Name Field – Set this as a blank field
    • SSO Role ID – Internal Viewer. Select a different one if you wish to set a different role
    • SSO Certificate – Set this as a blank field
22. On Automatic User Management, uncheck the box for Auto-Create Users.
23. Untick Send Welcome E-mails to New SSO Users under the Advanced Section
24. Click Save Changes
25. SSO is now enabled for all Helpjuice users. Note: You can use the tile on your Practice Protect User Portal to sign in to the app automatically.