Page tree

Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Skip to end of metadata
Go to start of metadata

BMC ProactiveNet integrates with BMC Atrium Single Sign-On, an authentication system that supports many authentication protocols and provides single sign-on and single sign-off for users of BMC products. BMC Atrium Single Sign-On allows users to present credentials only once for authentication and subsequently be automatically authenticated by every BMC product that is integrated into the system.

BMC Atrium Single Sign-On uses agents which are integrated into each of the BMC products. These agents perform the following functions:

  • Access authentication services
  • Coordinate with the server to authenticate users
  • Validate existing authentications

The following integration architecture diagram shows BMC product integration with BMC Atrium Single Sign-On.

The diagram shows that users provide authentication credentials to access one BMC product with an integrated BMC Atrium Single Sign-On Agent. Authentication is routed through a BMC Atrium Single Sign-On component in standalone server mode. Restricted access to other integrated BMC products is validated through a single sign-on token.

Guidelines and recommendations

BMC recommends the following conditions for BMC ProactiveNet Server single sign-on integration:

  • Install BMC ProactiveNet Server and BMC Atrium Single Sign-On server in the same domain.
  • If you upgrade from BMC ProactiveNet version 8.5 or 8.6, then you can configure single sign-on integration through one of the following postinstallation processes:
  • Configure the BMC ProactiveNet Server to use 256-bit SSL encryption on each BMC ProactiveNet Server in the deployment before configuring single sign-on integration.
  • To use LDAP as authentication provider, configure the LDAP authentication module in BMC Atrium Single Sign-On, and then integrate BMC ProactiveNet with the BMC Atrium Single Sign-On server.
  • Set the value of the BMC ProactiveNet Server session timeout to be greater than the value of the BMC Atrium Single Sign-On session timeout. For information about setting timeout periods in BMC ProactiveNet, see the BMC ProactiveNet Administrator Guide. For information about setting timeout periods in BMC Atrium Single Sign-On, see the online technical documentation for BMC Atrium Single Sign-On.

Users and user groups

You must create BMC ProactiveNet users and user groups in BMC Atrium Single Sign-On and assign users to user groups. The user groups that are created on BMC Atrium Single Sign-On need to be present and mapped on BMC ProactiveNet. The group name is used as mapping for retrieving the permissions in BMC ProactiveNet.

The same user name cannot exist in BMC ProactiveNet Server and Atrium Single Sign-On. Configuration item-based access control describe access control when BMC ProactiveNet is integrated with BMC Atrium Single Sign-On in a single-server or multiple-server deployment.

Multiple server environment

In a multiple-server deployment, with a BMC ProactiveNet Central Server and more than one BMC ProactiveNet Child Server, you can integrate with the BMC Atrium Single Sign-On server for seamless access from the central server to child servers, and from the child servers to the central server. Without single sign-on, you provide authentication credentials for each server you want to access. With single sign-on integration, you provide authentication credentials only once and then you have access to the whole system.

Complete single sign-on integration with each BMC ProactiveNet Central Server and Child Server to ensure functionality across the deployment.

Related topics

For details about single sign-on configuration, see BMC ProactiveNet Installation and Configuration Guide.
For details about pw sso commands, see BMC ProactiveNet Command Line Interface Reference Guide.
For details about post-installation configuration, see BMC ProactiveNet User Guide.