New in HCL Launch 7.1.2 - OAuth 2.0

HCL Launch allows users to log in with a number of authentication solutions – in addition to our native authentication method, we integrate seamlessly with CAS SSO and LDAP. Starting in 7.1.2.0, a new authentication method is available – OpenID Connect / OAuth 2.0! Integrate with any OpenID Connect provider to allow your users to authenticate with HCL Launch the same way they authenticate with apps throughout your organization. This can simplify the log-in process for end users and allow you to maintain business-wide authentication security policies in a central place. 

What is OpenID Connect / OAuth 2.0? 

The OpenID Foundation describes OpenID Connect as “a simple identity layer on top of the OAuth 2.0 protocol.” While OAuth 2.0 is a protocol which allow for authorization to an API, OpenID extends OAuth 2.0 to provide the ability to verify a user’s identity. What does that mean for HCL Launch? If HCL Launch is configured to connect with an OpenID Provider (such as Okta, Azure, or Keycloak), users can login to HCL Launch via that provider. 

That’s great – how do I get started? 

The first step is registering HCL Launch as a Client application with your OpenID Provider. The details of this process will vary by vendor. 

Once registered, it’s time to configure a new Authentication Realm in HCL Launch. Your OpenID Provider will offer a Client ID and Secret, and some other details, which you will need for this process. The newly configured Authentication Realm can only map to internal Authorization realms, so users must be manually added to their necessary groups and teams once they are created. 

Now Let’s try it out! 

Logout and return to the login page. Use the dropdown to select the new OpenID Connect login realm. If all is configured properly, clicking “Log In With OpenID” will direct you to your OpenID provider’s login prompt.  

After you’ve logged in, don’t be alarmed if you find yourself without any permissions – your user was just created in the new OpenID realm and will need to be added to the proper groups, teams, and roles. 

HCL Launch will maintain your session by checking in periodically with the OpenID Provider – as long as you’re logged into the OpenID Provider, we will keep your user session open for you. However, if you’ve logged out of your OpenID Provider, you’ll be forced to reauthenticate. 

And that’s all there is to it! With OpenID Connect authentication on HCL Launch 7.1.2.0 you can easily improve end-user experience, and simplify security.