Integrating with identity providers for single sign-on

If your organization uses an identity provider that supports SAML or OpenID Connect authentication methods, such as Okta, you can configure Hansoft to use it for single sign-on (SSO). This requires using the Helix Authentication Service (HAS), which lets you integrate various Perforce products with your identity provider.

When single sign-on is enabled for Hansoft, users click a button to use single sign-on in the login dialog box and then the identity provider site opens in a browser. The user authenticates with the provider. If authentication is successful, the user can start working in Hansoft.

Single sign-on is supported for both the Hansoft desktop client and the web client.

Configuring identity provider authentication and single sign-on

To configure authentication with an identity provider for Hansoft:

1. An experienced security administrator needs to install and configure HAS. See Installing the Helix Authentication Service for single sign-on.

2. Add certificates on the Hansoft server. See Configuring certificates for single sign-on on the Hansoft server.

3. In the Hansoft Server Administrator, enable single sign-on and set options. See Enabling single sign-on and setting options.

Single sign-on flow

The following diagram shows how Hansoft, HAS, and your identity provider work together to allow single sign-on in Hansoft. Click the diagram to enlarge it.