Integrating the license server with identity providers

If your organization uses an identity provider that supports SAML or OpenID Connect authentication methods, such as Okta, you can configure the license server to use the provider for authenticating to Perforce ALM, Surround SCM, and license server clients. This requires using the Perforce Authentication Service, which lets you integrate various Perforce products with your identify provider.

If a user is configured to log in using a provider, they enter their Perforce ALM product username on the product login dialog box or page and then the identity provider site opens in a browser. The user authenticates with the provider. If authentication is successful, they return to the Perforce ALM product and can start working. Any user fields mapped between the license server and provider are updated with the field value from the provider in the user record on the license server.

If your organization uses electronic signatures in ALM, make sure you review important configuration information to make sure signatures are compliant. See Using Perforce ALM and Surround SCM electronic signatures with identity providers.

Configuring identity provider authentication

To configure authentication with an identity provider:

1. An experienced security administrator needs to install and configure HAS. See Installing the Perforce Authentication Service.

2. In the license server admin utility, enable authentication for OpenID Connect and SAML. See Setting authentication options.

3. Add a provider. See Adding OpenID Connect and SAML providers.

4. Add users to the license server if they do not already exist. See Adding users.

5. Select the provider for users who will use it to log in. See Setting authentication methods and passwords for users.

Supported clients

The following clients support authentication using an identity provider.

Perforce ALM

Must use Perforce ALM/Helix ALM 2019.4 or later.

  • Client (desktop and web)
  • Server admin utility (desktop and web)
  • Microsoft Visual Studio add-in
  • Surround SCM desktop client integration

Perforce ALM License Server

  • Admin utility (desktop and web)

Surround SCM

Must use Surround SCM 2019.2 or later.

  • Desktop client
  • CLI
  • Microsoft Visual Studio integrations — VSIP and MSSCCI

Unsupported clients

The following clients do not support authentication using an identity provider.

Perforce ALM

  • REST API
  • SOAP SDK

Perforce ALM Data Warehouse

  • Web application

Perforce ALM License Server

  • API

Surround SCM

  • Analyze utility
  • API

Authentication flow

The following diagram shows how the license server, Perforce Authentication Service, and your identity provider work together to allow authentication to Perforce ALM products. Click the diagram to enlarge it.