Microsoft Entra SAML Support

Thursday, May 16, 2024, Manuel Lucio Dallo

We are back in this blog to announce that starting from the 11.0.16.8622 version, our On-Prem customers for Unity Version Control (Plastic SCM) can now use Microsoft Entra (Azure AD SSO) as a new authentication method, using the SAML protocol.


This allows you to use your existing Microsoft credentials to log in to your repositories and start using the Plastic
GUI and the CLI.


This new authentication integration includes both the user and group permission settings, which you can configure
in the Azure Active Directory through the Microsoft Graph API.

How to configure it?

Just configure the On-Prem Plastic SCM server to use the new "SAML" authentication mode. You have two ways to
do it, using the CLI or the WebAdmin portal.

  • Use the "./plasticd --configure" CLI command


  • Use the WebAdmin portal

If you have any questions about how to get the Microsoft Entra ID fields needed for the server
configuration, please check the detailed guide we've prepared:
https://docs.unity.com/ugs/en-us/manual/devops/manual/uvcs-on-prem/SAML-auth-microsoft#Configure_your_Plastic_server

And, in case you need help configuring Microsoft Entra, we've prepared this guide to help you as well:
https://docs.unity.com/ugs/en-us/manual/devops/manual/uvcs-on-prem/SAML-auth-microsoft#Configure_Azure


Finally, once the server is configured to use Microsoft Entra ID, it's time to let the client use it. You can use either
"cm configure" or the GUI wizard to configure your client. The client will automatically detect that the server
uses SAML authentication and will propose that you use it.

How does it work?

With the SAML protocol, we are delegating the authentication to Microsoft Entra ID. You will notice that the client
opens the Microsoft login page so you can use your Microsoft account to authenticate. Then, Microsoft will call
back the Plastic SCM server to confirm your user is authenticated.

The client will remain connected until the session expires (expiration, in days, is set during the server SAML
configuration). Once the session expires, the client will need to log in again to continue working.

There are a few cases where the access can be revoked:

  • An administrator manually revokes a given user's access via Microsoft Entra.

  • If the user changes their account password during an active Plastic session, the ticket will also be
    revoked, with the same result as before.

We use Microsoft Entra ID for user authentication, but Plastic SCM permissions are still used for authorization,
so you can use the Plastic SCM ACL power to configure access to your repositories.

We hope you like this new SAML support! If you have any questions, please email the support team or create a support ticket.


