This documentation supports the 9.1 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

AREA plug-ins introduction

AR System External Authentication (AREA) provides a way to validate users by connecting BMC Remedy AR System to a data source outside the AR System database. This can be done using the AREA LDAP plug-in or by creating your own custom plug-in for authentication services such as Kerberos. See Creating C plug-ins and AREA plug-in C API functions for details.

When users first log on to BMC Remedy AR System through a client or when a client issues an API call to BMC Remedy AR System, the AR System server verifies the user name and password.

If the server verifies that the user name and password are in the User form, it authenticates the information and processes the login or API call.

If the user information is not in the User form or if the user password is blank in the User form, the AR System server sends an authentication request to the plug-in server. The request passes from the plug-in server through the AREA plug-in instance to the external authentication source. The external authentication source sends authentication information back through the same path to the AR System server.

If the authentication source verifies that the user information is valid, the AR System server processes the API call or allows the user to log in.

When the authentication information is not verified (that is, the information is incorrect, incomplete, or cannot be found in the external data source), the AR System server returns an error message to the client.

The plug-in can load only one AREA plug-in instance at a time. An AREA plug-in can be configured to access one or more data sources.

AREA plug-ins can selectively override field values entered in the User form.


The plug-in behavior depends on how you configure the plug-in, such as whether you enable the Cross Reference Blank Password and the Authenticate Unregistered users options.

External authentication architecture

This section contains information on:

Was this page helpful? Yes No Submitting... Thank you


  1. Jeremy Ashe

    Is the note true that says "For the AR System server to use an AREA plug-in to authorize logins, the corresponding entries in the User form must have blank passwords." ? In 9.1.04 that is not the case even though this note appears in every version of the documentation at least since then. I can log in with any user type with either directory password or hard-coded ARS password.

    Apr 27, 2021 10:11
    1. Onkar Telkikar

      Hello Jeremy,

      Thank you for pointing out this issue with the content. We have removed the note from the documentation.


      Apr 28, 2021 12:04