Learn how users of the HashiCorp Cloud Platform (HCP) can now leverage the popular OpenID Connect (OIDC) protocol for their single sign-on (SSO) integrations.
We are excited to announce that HashiCorp Cloud Platform (HCP) now allows organizations to configure their single sign-on (SSO) with the OpenID Connect (OIDC) authentication method. This popular SSO solution gives organizations leveraging HCP more options to integrate identity providers (IDPs) into their cloud platform.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol that enables clients to verify end-users’ identities based on the authentication performed by an authorization server or identity provider, as well as obtain basic profile information about the end user in an interoperable and REST-like manner. You can learn more about OIDC here.
Previously, HCP supported three specific types of authentication methods: email and password combination, GitHub, and SAML SSO. Many HCP users and customers, however, leverage OIDC external identity providers (IDPs) across their networks and want to integrate them to log in to HCP.
Due to these requests and the overall popularity of this authentication method, the latest release of HCP offers full support for OIDC authentication methods, allowing users to delegate authentication to their preferred OIDC provider.
Many organizations find OIDC SSO much simpler to implement than SAML and more accessible through APIs because it works with RESTful API endpoints. In addition, by enabling OIDC SSO, HCP adds another way to easily integrate with popular identity providers like Microsoft Azure Active Directory and Okta. Lastly, this is the first step in allowing all HCP products to integrate with each other through a single seamless authentication workflow. Look for more HCP integration updates in the future.
HCP supports all OIDC external identity providers. Two popular identity providers, Azure Active Directory and Okta, have unique implementation procedures. You can see an overview below, or click through for more detailed instructions. Refer to SSO Overview for details about managing organizations with SSO enabled.
Setting up OIDC SSO on HCP utilizing Azure Active Directory requires three main actions:
For detailed step-by-step instructions visit the Azure Active Directory OIDC SSO Configuration page.
Setting up OIDC SSO on HCP utilizing the Okta identity provider is also straightforward:
For detailed step-by-step instructions visit the Okta OIDC SSO Configuration page.
OIDC SSO expands user management options for organizations leveraging the HashiCorp Cloud Platform. It can help mitigate account takeover (ATO) attacks, provide a universal source of truth for federating identities from your identity provider (IDP), and help you better manage user access to your organization. Keep an eye out for further integrations to increase user security and flexibility as HCP develops.