Account Creation

Olive Helps has two forms of authentication: SSO using Active Directory/SAML or OAuth using an Olive account.

Single Sign On with Azure Active Directory

For enterprises that use Azure Active Directory, we support SSO by allowing your employees to use your organization’s Azure AD domain to log in to Olive Helps. If you have Olive Helps installed, you can sign in using your existing authenticated AD credentials and will gain access to the desktop application based on your inherited AD policies.

Please note: Although we do sync groups from your Azure AD domain upon log in, we do not currently leverage those to drive permissions. When it comes to questions like “what PHI would logging in give you access to,” and the answer is: when you log in to Olive Helps, you don’t get access to any extra PHI that you didn’t already have permission to access. Based on the way Olive Helps works, the app accesses what you can see -- the app doesn’t have any inherent permission or access of its own.

To allow your employees to log in to Olive Helps using their Azure Active Directory accounts, Please refer the documentation linked here.

Single Sign On with SAML

To configure Olive Helps to use your organization's single sign on flow you will need to create the application in your IdP, configure the SAML connection, and lastly work with Olive technical team to configure the integration between your organization's identity provider and Olive's authentication service. Olive Helps' authentication service can work with most IdPs such as Okta, PingFederate, SecureAuth or others. Linked here is a rough guide to configuring Okta with Olive Helps. The steps will be similar to other IdPs as the SAML connection will require the single sign on url as well as audience URI. Other attributes may need to be setup based on your organizations rules.

You can start configuring SSO for Helps by creating the app and SAML integration in your IdP. Once that is set you can contact Olive Support or your Olive account representative to finalize the connection with an Olive tech lead. If you choose to contact support you will need to have an Olive Helps account to sign into the support portal. Support documentation can be found here.

Olive Accounts

You can use Olive Helps to sign up for and log in with an Olive account. These accounts have strict requirements like email verification, minimum password strength, password reset frequency, and require TOTP-based multi-factor authentication.

Olive account security requirements and features

Security features

• Email verification upon account creation

• TOTP-based MFA

• Max required re-login threshold: 7 days (note: Olive Helps enforces a 1 day limit instead of 7 days)

• Max inactivity period: 72 hours (note: Olive Helps enforces a 24 hour limit instead of 72 hours)

• Suspicious IP throttling: block traffic from any IP address that rapidly attempts too many logins or signups across accounts

• Brute-force protection: 10 consecutive failed login attempts from a single user triggers a block

Password requirements

• Password reset frequency: 90 days

• No more than two identical characters in a row

• Require lower case, upper case, numbers, and special characters (!@#$%^&*)

• Minimum length: 8 characters

• Password history: 6 passwords (cannot reuse recent passwords)

• Cannot use one of the 10,000 most used passwords

• No personal data -- do not allow passwords that contain any part of the user's personal data

Create your Olive account

Start Olive Helps. On the login screen, click the Join tab. Fill out the required fields, accept the terms of service, and click Join to create your account.

Set up Multi Factor Authentication

We require multi factor authentication (MFA/2FA) to log in to Olive Helps. You have the choice of using either an authenticator application (such as Google Authenticator or Duo), or an SMS process to verify your access upon sign-in. Steps for configuring MFA for Olive Helps can be found below for both of the available options. You only need to enable one form of MFA to successfully authenticate.

Option A: Enabling MFA with an Authenticator

Step 1: Enrollment Screen

After you register for an account, you will be met with an MFA enrollment screen that asks you to scan a QR code with an authenticator app, with an alternative option to use SMS (see the SMS MFA instructions within this guide if you intend to use this option).

Step 2: Scan QR Code and Enter Code

Open your authenticator app of choice on your phone -- some of our recommendations include: Authy, DUO, or Google Authenticator. With your authenticator open, scan the displayed QR code from your Olive Helps login window. Once the QR code has been successfully scanned, your authenticator will generate a code to enter into the login window.

Step 3: Recovery Code

Next, you'll be given the opportunity to copy and store your MFA recovery code in case you lose access to your MFA device. The box verifying that you have stored your code must be checked before proceeding.

Step 4: Successfully Configured MFA

Once you have moved past the window for storing your recovery code, you'll see a success screen verifying that your MFA solution has been configured. To finish logging into the app, hit the Continue option.

Option B: Enabling MFA with SMS

Step 1: Enrollment Screen

After registering for an account, you will see a MFA enrollment screen. To use SMS instead of an authenticator, select the option at the bottom indicating you would rather receive a text message.

Step 2: Enter Phone Number

Once SMS has been selected, you will be prompted to enter the phone number you would like to use for verification.

Step 3: Receive Text Message and Enter Code

You will receive a code via text message to enter into the login window. Enter the code to proceed.

Step 4: Recovery Code

Next, you'll be given the opportunity to copy and store your MFA recovery code in case you lose access to your mobile device. The box verifying that you have stored your code must be checked before proceeding.

Step 5: Successfully Configured MFA

Once you have moved past the window for storing your recovery code, you will see a success screen verifying that your SMS MFA solution has been configured. To finish logging into the app, hit the Continue option.

Verify your account

Go to your email client and look for an email titled Olive Helps verification. Open it and click Confirm my account.

This will open a browser window to verify your email -- you may close this window once you see the green check below. That's it! You now have an Olive account.