Enable SSO for Weel (OpenID)

Purpose

Weel (Previously DiviPay) offers single sign-on via an OpenID integration with Practice Protect. This provides a seamless login experience to the Weel platform including the mobile application.

Prerequisites

• Requires Weel Enterprise Plan, or purchase of SSO add-on with the Weel Premium Plan
• Admin Access to Practice Protect
• The Username/Email Addresses configured in Weel should match the login names in Practice Protect

Instructions

1. Login to your Practice Protect and switch to the Admin portal.
2. In Core Services, go to the Roles section and click Add Role. Create a new role by entering Weel SSO Users in the Name field, then click Save.
3. With the created role, click on Members > Add. Add each member/user that should be included in the SSO. Then select Save.
4. From the Apps & Widgets, go to Web Apps section and click Add.
5. Then, choose Custom and select OpenID Connect. Click Add.
6. Click Yes to add.
7. The application that you just added opens to the Settings page. Set the following details:
   1. Application ID: weel
   2. Name: Weel OpenID
   3. Description: This app is configured for Weel and Practice Protect SSO integration.
   4. You can use the logo below as the icon for the app. Just right click and save image as. Note: You can change the name, category or logo based on your preference.
8. Click Save.
   
9. Open a new tab and use the password generator tool here. Generate a password for the Client Secret. Important! Select only Numbers, Lowercase and Uppercase, and set the Length to 16. Then, click Generate.
10. Copy the password and keep it, as it will be used in later steps.
11. Return to the Weel SSO app in Practice Protect. On the Trust section, paste the password into the Open ID Connect Client Secret field.
12. On the same page, go down to Service Provider Configuration and choose Login initiated by the relying party (RP)
13. Under Authorized Redirect URIs, click Add.
14. Add this URL:

    https://divipay.auth.ap-southeast-2.amazoncognito.com/oauth2/idpresponse

    

15. Untick the box for Enable full url match
16. Click Save.
17. Go to Permissions page and click Add.
18. Find the role created in Step 2 (e.g. Weel SSO Users),  select it and Add.
19. Click Save.
20. Return to the Trust page and take note of the Client ID and Issuer URL, as these will be used in the next step.
21. Submit the SSO configuration details to Weel by completing the form at the following link. Below is the sample question/answer in the form
    1. Select your SSO provider type: OIDC
    2. Enter OIDC Issuer URL: Paste the Issuer URL copied from Step 19
    3. Enter OIDC Issuer ID: Paste the Client ID copied from Step 19
    4. Enter OIDC client secret: Paste the client secret generated from Step 9
    5. Enter OIDC scopes: N/A
    6. Enter the email address of any Weel user’s that you want to test your implementation: admin@yourdomain.com
22. Once submitted, Weel Support will complete the configuration and they will coordinate with the admin or a test user to verify the SSO connection.
23. Download the Weel SSO Autofill app. This is the app we will deploy for all users
24. Return to Practice Protect Admin Portal and go to Apps & Widgets > Web Apps > Click on Add Web Apps in the top-right corner.
25. Select the Import tab, then click Upload. Choose the Weel SSO Autofill file you previously downloaded.
26. After the file has been successfully uploaded, close the form window. The settings page for the app will open automatically. If it doesn’t, simply locate the app in the Web Apps and open it.
27. Navigate to the Description section and rename the app by updating the Application Name field (e.g., change it to Weel SSO).

28. Go to the Permissions tab and add the Weel SSO Users role that you previously created.

    

29. The Weel SSO app is what each user will see and use to launch and log in to Weel. The Weel OpenID app, on the other hand, is where the Single Sign-On (SSO) integration is configured.

30. After successful testing and confirmation that it is working, please revert to Weel Support so they can activate it for all users, if they haven’t already.

    Please note that onboarding new users to Weel remains the same, you still need to create the user in Weel manually. Make sure the user has an account in Practice Protect with the same username, and ensure the user is also assigned to the Weel SSO Users role.