If your organization uses an identity provider that supports SAML or OpenID Connect authentication methods, such as Okta, you can configure Helix Plan to use it for single sign-on (SSO). This requires using the Helix Authentication Service (HAS), which lets you integrate various Perforce products with your identity provider.
When single sign-on is enabled for Helix Plan, users click a button to use single sign-on in the login dialog box and then the identity provider site opens in a browser. The user authenticates with the provider. If authentication is successful, the user can start working in Helix Plan.
Single sign-on is supported for both the Helix Plan desktop client and the web client.
Configuring identity provider authentication and single sign-on
To configure authentication with an identity provider for Helix Plan:
1. An experienced security administrator needs to install and configure HAS. See Installing the Helix Authentication Service for single sign-on.
2. Add certificates on the Helix Plan server. See Configuring certificates for single sign-on on the Helix Plan server.
3. In the Helix Plan Server Administrator, enable single sign-on and set options. See Enabling single sign-on and setting options.
Single sign-on flow
The following diagram shows how Helix Plan, HAS, and your identity provider work together to allow single sign-on in Helix Plan. Click the diagram to enlarge it.