A user refers to an entity or person that can be authenticated into BMC Helix Portal. Each user is given a unique identity within a tenant.
Users can be of different types based on how they access BMC Helix Portal:
- Users that require console access: Tenant administrators and users created by the tenant administrator require credentials to access the BMC Helix Portal console. External users imported from a supported identity provider (IdP) or synced from BMC Helix ITSM by the BMC SaaS Operations team can access BMC Helix Portal by using their existing credentials. For more information, see User identities.
A user can access BMC Helix Portal by using their credentials both via the UI and programmatically. However, we recommend that you use the API user credentials for programmatic access or to run APIs.
- API users that require programmatic access: API users have the API key, which includes the access key (similar to a user name) and the secret key (similar to a password). The API key can be used for programmatic access to BMC Helix Portal. This key can be generated by the tenant administrator (at a tenant level) or by an individual user (at a user level).
Tenant administrators receive credentials to access the common services console by the BMC SaaS Operations team. They have administrator privileges and have complete access to all the common services and integrated products. Tenant administrators can perform the following actions to manage user authorization:
- Create all other users including API users.
- Create groups of users and provide access permissions to individuals users and groups via roles.
- Create or delete other administrators.
However, tenant administrators cannot change the password for any user in the system. Individual users can change their own passwords by clicking the Forgot Password link on the logon screen.
API users can programmatically authenticate into BMC Helix Portal with the access key (similar to a user name) and the secret key (similar to a password). The access key and the secret key are generated as a set.
These keys can be generated at a tenant level or at a user level:
- Tenant level: Generated by a tenant administrator at the time of creating an API user. The API user contains the API key. These keys are created from the API Users tab section under Common services > User management.
The tenant-level API key can be used by any user with the correct permissions under that tenant. A tenant administrator can grant appropriate access permissions to the API users by associating them with appropriate roles or groups that are already associated with the appropriate roles.
- User level: Generated by an individual user at the time of creating the user-level API key. These keys are created from the user profile section.
The user-level key can only be used by the user who generated the API key. Because the API key applies to an individual user only, it inherits the individual user's access permissions.
The configuration details required for creating the tenant-level keys and the user-level keys is the same.
Is there a difference between the tenant-level and user-level keys?
No, there is no difference.
The API key refers to the access key and the secret key generated as a set. The API user contains the API key. The API user is also a logical representation of a robotic user who needs programmatic access.
While API users can be assigned access permissions via roles, the user-level API keys inherit permissions from the individual users.
Where to go from here
To create or delete a user that requires console access, see Setting up users for console access.
To create, edit, or delete an API user, see Setting up API users for programmatic access.