Hello - We are pleased to announce that our on-prem customers for Unity Version Control (Plastic SCM) can now use Microsoft Entra (Azure AD SSO) as a new authentication method, using the SAML protocol.
This allows you to use your existing Microsoft credentials to log in to your repositories and start using the Unity Version Control (UVCS) platforms, such as the on-prem Plastic GUI, the console or the web dashboard.
You can access this new feature by downloading the client and server versions 11.0.16.8622 or later.
This new authentication integration includes user and group permission settings, which you can configure in Azure Active Directory through the Microsoft Graph API.
Once your users are authenticated, Unity Version Control - Enterprise Edition (also called Plastic SCM on-prem) will operate as it does with any other type of authentication service. An internal Plastic token system takes over and periodically checks against the user credentials.
You can visit our dedicated Technical Documentation page to find all the necessary information, including the advanced features and setup of this exciting new integration.
Please note that enabling this new authentication system for your on-prem storage required multiple changes, including a new SamlProvider class, a new SAML Settings class (accessible with the CLI and stored in the server.conf file), a new SamlToken class for the authentication, and new classes that interact with the Microsoft Graph API service.
There are a few extra security checks making it easier to work using the CLI or the GUI. The web environment is handled slightly differently than the standard SAML workflow.
The prerequisites for using MS Entra with Unity Version Control - Enterprise Edition (also called Plastic on-prem) are:
- Azure subscription
- Access to one Azure app registration, to set up the endpoints and authorization parameters (you can create a new registration on the Azure portal, in the ‘App registrations’ section)
- Contact access to your Azure admin, to grant permission to the Graph API elements for querying users and groups
Click here to read the Azure configuration steps.
They include: app registration, authentication endpoints, secret creation and Graph API permissions.
Click here to read the Plastic Server configuration steps.
They include: server config via the Plastic web dashboard/console/client, authentication config.
We hope you and your organization will find this useful.
Please leave a comment below if you have any feedback.
Thanks,
The Unity Version Control team
