MFA, multi-factor authentication, is the easiest and most popular way to secure enterprise users and their data. 81 percent of data breaches involve weak or stolen credentials. And MFA can prevent that.
In this video, we’ll show administrators the basics of setting up the Helix server and workstations with P4V, so they can access a Helix Core server that’s protected by an enterprise MFA solution.
Support for MFA is available as of the 2017.2 release of Helix Core (P4D). For the end-user login steps shown later in this video to work, your organization must use an enterprise MFA solution, such as Okta. We’ll be using Okta as the example in this video. The Perforce administrator must implement the Helix server-side MFA capabilities.
Here’s a brief overview of the steps you’ll have to accomplish, as an administrator, in order to implement Helix MFA.
Helix MFA is configured on the P4D server by installing a Perforce trigger.
Perforce triggers are administrator-written programs or scripts that the Perforce server calls when certain operations are performed, for example, when a user attempts to log in.
A trigger that enables MFA with Okta is similar to one that might be used to make P4D work with an external authentication mechanism such as LDAP or Active Directory.
Okta uses a REST API to interact with other systems in the multi-factor authentication process. Therefore, the Perforce trigger for MFA must use REST to communicate with Okta.
The trigger provided by Perforce to use with an Okta implementation is written in Ruby, and requires the Ruby rest-client Gem and support package to function.
To start, you’ll need to enter several things into the trigger script. You’ll need to insert your Okta key, the Okta URL, and the domain you use for Okta in your organization.
Then, you’ll edit the script to provide the Okta factors for authentication, the prompts for those factors, and the messages the end user will see upon success and failure.
When the user logs in, they first enter their standard Perforce username and password. Once authenticated, the trigger is executed.
The script adds the Okta domain to their username, and then passes it to Okta to confirm enrollment. If they aren’t enrolled, the process stops.
If the user is enrolled, the script picks the schemes the user is enrolled in, and they’re prompted to provide the factors. If that’s successful, they’re authenticated.
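The login flow just described, sketched in Ruby as an added example; it is not the trigger Perforce provides. The StubDirectory class (a stand-in for the Okta REST calls), the example.com domain, the factor names, and the rule that one verified factor is enough are all assumptions. It shows every path other than an explicit success, including an unreachable provider, ending in a denial.

```ruby
# Added sketch of the MFA login decision; not the Perforce-provided trigger.
# StubDirectory is a hypothetical stand-in for the Okta REST calls.
OKTA_DOMAIN = "example.com"              # assumption: placeholder domain
ALLOWED_FACTORS = %w[push totp].freeze   # assumption: factors the admin configured

class StubDirectory
  def initialize(enrollments, codes, down: false)
    @enrollments, @codes, @down = enrollments, codes, down
  end

  # Factor names the user is enrolled in, or nil when the user is unknown.
  def factors_for(login)
    raise IOError, "provider unreachable" if @down
    @enrollments[login]
  end

  def verify(login, factor, response)
    raise IOError, "provider unreachable" if @down
    @codes[[login, factor]] == response
  end
end

# Returns [allowed, reason]. Anything short of an explicit success denies.
# Assumption: one verified factor is enough to complete the login.
def mfa_decision(directory, p4_user, responses)
  login = "#{p4_user}@#{OKTA_DOMAIN}"          # add the Okta domain to the username
  enrolled = directory.factors_for(login)
  return [false, "not enrolled"] if enrolled.nil? || enrolled.empty?
  usable = enrolled & ALLOWED_FACTORS
  return [false, "no permitted factor"] if usable.empty?
  usable.each do |factor|
    answer = responses[factor]
    next if answer.nil?
    return [true, "verified with #{factor}"] if directory.verify(login, factor, answer)
  end
  [false, "verification failed"]
rescue IOError => e
  [false, "denied: #{e.message}"]                # provider outage must not bypass MFA
end

# Constructed sample data.
SAMPLE_DIR = StubDirectory.new(
  { "alice@example.com" => %w[totp sms], "carol@example.com" => %w[sms] },
  { ["alice@example.com", "totp"] => "123456" }
)
p mfa_decision(SAMPLE_DIR, "alice", { "totp" => "123456" })
```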
For more information on how Perforce triggers work, refer to the Perforce Server Administrator’s Guide, which has complete documentation.
To see how this looks for the end user, watch our video on using MFA with P4V.
Helix MFA currently works with Okta out-of-the-box, and it’s configurable with other providers. Contact your account representative for more details.
We hope you found this video helpful, and understand the basics of setting up P4D to use MFA.
For more information, please access the online technical documentation. Or, if you have any specific technical questions, contact [email protected].