Integrating the Helix ALM License Server with identity providers

If your organization uses an identity provider that supports SAML or OpenID Connect authentication methods, such as Okta, you can configure the license server to use the provider for authenticating to Helix ALM, Surround SCM, and license server clients. This requires using the Helix Authentication Service (HAS), which lets you integrate various Perforce products with your identify provider.

If a user is configured to log in using a provider, they enter their Helix ALM product username on the product login dialog box or page and then the identity provider site opens in a browser. The user authenticates with the provider. If authentication is successful, they return to the Helix ALM product and can start working. Any user fields mapped between the license server and provider are updated with the field value from the provider in the user record on the license server.

If your organization uses electronic signatures in Helix ALM, make sure you review important configuration information to make sure signatures are compliant. See Using Helix ALM and Surround SCM electronic signatures with identity providers.

Configuring identity provider authentication

To configure authentication with an identity provider:

1. An experienced security administrator needs to install and configure HAS. See Installing the Helix Authentication Service.

2. In the license server admin utility, enable authentication for OpenID Connect and SAML. See Setting authentication options.

3. Add a provider. See Adding OpenID Connect and SAML providers.

4. Add users to the license server if they do not already exist. See Adding users.

5. Select the provider for users who will use it to log in. See Setting authentication methods and passwords for users.