HCL Launch allows users to log in with a number of authentication solutions – in addition to our native authentication method, we integrate seamlessly with CAS SSO and LDAP. Starting in, a new authentication method is available – OpenID Connect / OAuth 2.0! Integrate with any OpenID Connect provider to allow your users to authenticate with HCL Launch the same way they authenticate with apps throughout your organization. This can simplify the log-in process for end users and allow you to maintain business-wide authentication security policies in a central place. 

What is OpenID Connect / OAuth 2.0? 

The OpenID Foundation describes OpenID Connect as “a simple identity layer on top of the OAuth 2.0 protocol.” While OAuth 2.0 is a protocol which allow for authorization to an API, OpenID extends OAuth 2.0 to provide the ability to verify a user’s identity. What does that mean for HCL Launch? If HCL Launch is configured to connect with an OpenID Provider (such as Okta, Azure, or Keycloak), users can login to HCL Launch via that provider. 

hcl launch open id login

That’s great – how do I get started? 

The first step is registering HCL Launch as a Client application with your OpenID Provider. The details of this process will vary by vendor. 

Once registered, it’s time to configure a new Authentication Realm in HCL Launch. Your OpenID Provider will offer a Client ID and Secret, and some other details, which you will need for this process. The newly configured Authentication Realm can only map to internal Authorization realms, so users must be manually added to their necessary groups and teams once they are created. 

hcl launch open id connect

Now Let’s try it out! 

Logout and return to the login page. Use the dropdown to select the new OpenID Connect login realm. If all is configured properly, clicking “Log In With OpenID” will direct you to your OpenID provider’s login prompt.  

After you’ve logged in, don’t be alarmed if you find yourself without any permissions – your user was just created in the new OpenID realm and will need to be added to the proper groups, teams, and roles. 

HCL Launch will maintain your session by checking in periodically with the OpenID Provider – as long as you’re logged into the OpenID Provider, we will keep your user session open for you. However, if you’ve logged out of your OpenID Provider, you’ll be forced to reauthenticate. 

And that’s all there is to it! With OpenID Connect authentication on HCL Launch you can easily improve end-user experience, and simplify security.  

Comment wrap
Further Reading
Secure DevOps | April 13, 2021
What’s New in HCL Launch 
Our continuous delivery platform, HCL Launch, has been updated so it’s easier than ever to deploy software quickly, securely, and smoothly.
Secure DevOps | November 6, 2020
More on Process as Code, new in HCL Launch 7.1.1
With the release of HCL Launch 7.1.1, our continuous delivery tool is even more developer and integration integration friendly because of a new feature called PACC - Process as Code Compiler.
Secure DevOps | October 28, 2020
Processes as Code in HCL Launch
One of the new features in HCL Launch is the new “Process as Code” format that allows development teams to define and store their processes in an easily modifiable format.