Setting authentication methods and passwords for users

You can change the method that a user uses to authenticate with the license server and other Helix ALM products. License server authentication is the default authentication method, but you can change it to use an OpenID Connect/SAML provider or external authentication. To change the authentication method for an Active Directory (AD) or LDAP user, you need to remove the association with the AD/LDAP server first. See Changing Active Directory and LDAP server associations.

You can also set a password and options for passwords for users who use license server authentication.

1. Click the Authentication tab when adding or editing a user.

2. Select the Authentication method the user will use to log in to Helix ALM products.

  • Select License server if the user will log in using the username and password set in their license server user record.
  • Select an authentication provider name if the user will log in using an identity provider, such as Okta. See Integrating the license server with identity providers. If providers are configured on the license server and the list is empty, make sure that OpenID Connect and SAML is selected as an allowed authentication method in the server options. See Setting authentication options.
  • If the user is associated with an Active Directory (AD) or LDAP server and the External authentication field is not set to Required, the server name is displayed and cannot be changed. To remove the association with the AD/LDAP server, click Remove LDAP Association. See Changing Active Directory and LDAP server associations. If the user is associated with an AD server and single sign-on is configured, you can enable it for the user. Select Allow user to log in using single sign-on. See Using single sign-on for information.

3. If external authentication is configured and allowed, select an option to indicate if the user can, cannot, or must use it to log in. See Using external authentication for information.

External authentication is not available if an authentication provider is selected in the Authentication method field.

  • Not allowed restricts the user from using external authentication.
  • Allowed allows the user to use external authentication.
  • Required requires the user to use external authentication. If this option is selected, the Authentication method field value is automatically set to External and cannot be changed.

Note:  If external authentication is configured, but the External authentication field is not displayed, make sure that External authentication is selected as an allowed authentication method in the server options. See Setting authentication options.

4. If License server is selected for the Authentication method, enter and confirm a Password for the user.

You can enter up to 128 characters for the password. You can also set the following password options.

  • User must change password at next login prompts the user to change their password the next time they log in to a Helix ALM product.
  • User cannot change password restricts the user from changing their password.
  • Password never expires prevents the password from expiring so the user does not need to change it on a regular basis.

5. To add an API key for the user or manage existing keys, click Manage API Keys. API keys are used to authenticate the user with the Helix ALM REST API. See Managing API keys.

6. Click OK to save the changes.