Identity Providers (IdPs) provide a central registry to verify user identities. Enterprises use IdPs to grant employees secure access to mission-critical products.
Helix Authentication Service (HAS) allows you to integrate Perforce products — such as Helix Core (including clients and plugins), Helix ALM, and Surround SCM — with your organization's Identity Provider (IdP).
Helix Authentication Service gives you 360-degree protection for your most valuable assets — your IP.
It currently supports the OpenID Connect and SAML 2.0 authentication protocols. As far as IdPs go, it is internally certified with Microsoft Azure Active Directory (AAD), Okta, and Google Identity. It is also known to be compatible with other IdPs such as Auth0, OneLogin, and Google G-Suite. Helix Authentication Service replaces the now retired Helix SAML application and should eliminate the need for the Helix MFA Authenticator application. Users can just perform the 2FA step through their preferred IdP as part of the authentication process.
To avoid password fatigue and save your developers time, implement Helix Authentication Service. Let’s see how it works with the Helix Core command line and the Helix Visual Client (P4V).
First, let’s show an example of logging in via P4, the Helix Command-line Client.
Here we can see that the `p4 login` command redirects the user to their default browser, which shows the login page for the configured Identity Provider, in this case Okta. Note that there is a server configurable called `P4USEBROWSER` that must be set to `true` in order for P4 to actually open the user’s default browser. If it is not set, the user will simply see a message printed on the command line with a URL that can be manually copied and pasted into a browser.
We also see that as part of the login process, a 2FA step has been configured inside of the Identity Provider. Once the initial login and 2FA step are successful, the user sees a success message in their browser. When we head back to the command line, we can see that the user is now successfully logged in.
Now let’s hop over to P4V, the Helix Visual Client. Here, if we attempt to connect to the same server where we just authenticated with P4, we won’t need to re-authenticate against the Identity Provider. However, if we log out of our IdP session and attempt to access the server via P4V again, we’ll see that P4V redirects us to our default browser, where we can again authenticate against the Identity Provider.
With Helix Authentication Service you can also configure “non-SSO” users. This is oftentimes reserved for automation users but can also be used for human users. For example, you’ll likely want to keep your SUPER user independent of your IdP in case that IdP is unavailable and you need to gain access to the server.
It is important to note that logging out of P4, P4V, or any other client or plugin does NOT actually log you out of the IdP. Therefore, if a user logs out of P4, and then tries to log in via P4V, that user will be granted a new token in Helix Core without having to re-authenticate with the IdP.
Getting started with Helix Authentication Service is easy. Download it now.
Not a Helix Core customer? You can get started for free for up to 5 users.