Configuring user authentication for the Presentation Server in Remedy SSO
After you create or edit and configure the tenant details in Remedy SSO, you must configure the user authentication type. Remedy SSO can be configured to provide one of the following authentication types for the TrueSight Presentation Server:
From the TrueSight console, you can only view the user information. You must perform all modifications to the user information in Remedy SSO. You can do that by cross-launching to Remedy SSO from the TrueSight console.
Before you begin
- You must have installed Remedy SSO.
- You must have set the Remedy SSO general settings.
- You must have configured tenants to be used with the TrueSight Presentation Server.
Local User Management authentication
Local User Management authentication is a simple, lightweight user store that is not intended to be a corporate-wide authentication provider. It is not designed as a high-performance authentication provider to support group policies, password expiration, and so on. It lets you create realm-specific user stores that can be used for different purposes. For example, in multi-tenant environments, it can be used to configure admin privileges for different tenants by using different user accounts that belong to the appropriate realms.
Typical use cases for Local User Management authentication:
- when using local users for applications requiring several user accounts
- when corporate identity providers are not available
- for testing purposes
You should consider other authentication types if you are designing corporate-wide authentication for a high workload.
All local users and groups created after the release of 9.1 SP2 and prior to upgrading to 9.1 SP3 are not assigned to any realm. After the upgrade of Remedy Single Sign-On to 9.1 SP3, a new empty realm is created and all existing local users are moved into it. The administrator can remove local users from this realm and recreate them for the necessary realm if needed.
The Remedy SSO server supports using external Lightweight Directory Access Protocol (LDAP) servers for authentication. LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
Support for LDAP also includes using external Active Directory (AD) servers for authentication. Active Directory authentication must be configured for the enterprise environment.
You can configure the Remedy Single Sign-On (Remedy SSO) server to authenticate users through SAMLv2 authentication. SAML V2.0 is implemented by forming a Circle of Trust that comprises a Service Provider (SP) and an Identity Provider (IdP).
The SP hosts and protects the services that the user accesses. Remedy SSO is configured as an SP for BMC products. The IdP authenticates users and provides details of the authentication information to the SP.
This section provides the following information for configuring authentication types in Remedy SSO: