Everything you need to know about signing up and logging into Olive Helps
Olive Helps has two forms of authentication: SSO using Active Directory/SAML or OAuth using an Olive account.
Single Sign On with Azure Active Directory
For enterprises that use Azure Active Directory, we support SSO by allowing your employees to use your organization’s Azure AD domain to log in to Olive Helps. If you have Olive Helps installed, you can sign in using your existing authenticated AD credentials and will gain access to the desktop application based on your inherited AD policies.
Please note: Although we do sync groups from your Azure AD domain upon log in, we do not currently leverage those to drive permissions. When it comes to questions like “what PHI would logging in give you access to,” and the answer is: when you log in to Olive Helps, you don’t get access to any extra PHI that you didn’t already have permission to access. Based on the way Olive Helps works, the app accesses what you can see -- the app doesn’t have any inherent permission or access of its own.
To allow your employees to log in to Olive Helps using their Azure Active Directory accounts, Please refer the documentation linked here.
Single Sign On with SAML
To configure Olive Helps to use your organization's single sign on flow you will need to create the application in your IdP, configure the SAML connection, and lastly work with Olive technical team to configure the integration between your organization's identity provider and Olive's authentication service. Olive Helps' authentication service can work with most IdPs such as Okta, PingFederate, SecureAuth or others. Linked here is a rough guide to configuring Okta with Olive Helps. The steps will be similar to other IdPs as the SAML connection will require the single sign on url as well as audience URI. Other attributes may need to be setup based on your organizations rules.
You can start configuring SSO for Helps by creating the app and SAML integration in your IdP. Once that is set you can contact Olive Support or your Olive account representative to finalize the connection with an Olive tech lead. If you choose to contact support you will need to have an Olive Helps account to sign into the support portal. Support documentation can be found here.
You can use Olive Helps to sign up for and log in with an Olive account. These accounts have strict requirements like email verification, minimum password strength, password reset frequency, and require TOTP-based multi-factor authentication.
Olive account security requirements and features
Email verification upon account creation
Max required re-login threshold: 7 days (note: Olive Helps enforces a 1 day limit instead of 7 days)
Max inactivity period: 72 hours (note: Olive Helps enforces a 24 hour limit instead of 72 hours)
Suspicious IP throttling: block traffic from any IP address that rapidly attempts too many logins or signups across accounts
Brute-force protection: 10 consecutive failed login attempts from a single user triggers a block
Password reset frequency: 90 days
No more than two identical characters in a row
Require lower case, upper case, numbers, and special characters ([email protected]#$%^&*)
No personal data -- do not allow passwords that contain any part of the user's personal data
Create your Olive account
Start Olive Helps. On the login screen, click the Join tab. Fill out the required fields, accept the terms of service, and click Join to create your account.
Olive Account Creation
Set up Multi Factor Authentication
We require multi factor authentication (MFA/2FA) to log in to Olive Helps. You have the choice of using either an authenticator application (such as Google Authenticator or Duo), or an SMS process to verify your access upon sign-in. Steps for configuring MFA for Olive Helps can be found below for both of the available options. You only need to enable one form of MFA to successfully authenticate.
Option A: Enabling MFA with an Authenticator
Step 1: Enrollment Screen
After you register for an account, you will be met with an MFA enrollment screen that asks you to scan a QR code with an authenticator app, with an alternative option to use SMS (see the SMS MFA instructions within this guide if you intend to use this option).
Step 2: Scan QR Code and Enter Code
Open your authenticator app of choice on your phone -- some of our recommendations include: Authy, DUO, or Google Authenticator. With your authenticator open, scan the displayed QR code from your Olive Helps login window. Once the QR code has been successfully scanned, your authenticator will generate a code to enter into the login window.
Step 3: Recovery Code
Next, you'll be given the opportunity to copy and store your MFA recovery code in case you lose access to your MFA device. The box verifying that you have stored your code must be checked before proceeding.
Step 4: Successfully Configured MFA
Once you have moved past the window for storing your recovery code, you'll see a success screen verifying that your MFA solution has been configured. To finish logging into the app, hit the Continue option.
Option B: Enabling MFA with SMS
Step 1: Enrollment Screen
After registering for an account, you will see a MFA enrollment screen. To use SMS instead of an authenticator, select the option at the bottom indicating you would rather receive a text message.
Step 2: Enter Phone Number
Once SMS has been selected, you will be prompted to enter the phone number you would like to use for verification.
Step 3: Receive Text Message and Enter Code
You will receive a code via text message to enter into the login window. Enter the code to proceed.
Step 4: Recovery Code
Next, you'll be given the opportunity to copy and store your MFA recovery code in case you lose access to your mobile device. The box verifying that you have stored your code must be checked before proceeding.
Step 5: Successfully Configured MFA
Once you have moved past the window for storing your recovery code, you will see a success screen verifying that your SMS MFA solution has been configured. To finish logging into the app, hit the Continue option.
Verify your account
Go to your email client and look for an email titled Olive Helps verification. Open it and click Confirm my account.
This will open a browser window to verify your email -- you may close this window once you see the green check below. That's it! You now have an Olive account.