
    To view the latest information for BMC Helix services and policies, go to BMC Helix Subscriber Information.


    This section describes the authentication options that are supported by the BMC OnDemand services.


    These options range from the intrinsic, basic authentication of the BMC Remedy AR System platform to advanced, single sign-on capability. Authentication options can also be chained, which allows combinations of these approaches to match your specific requirements.

    Summary of options

    The following table summarizes the authentication options available for BMC Remedy OnDemand:

    | Authentication | BMC Remedy ITSM | BMC Analytics for BSM | BMC Remedy with Smart IT and MyIT | BMC Service Broker | BMC HR Case Management | Notes |
    |---|---|---|---|---|---|---|
    | Standard AR authentication | Yes | Yes | Yes | Yes | Yes | Specific user permissions may be required for different products. |
    | Federated authentication | Yes | Yes | Yes | Yes | Yes | Uses common Security Assertion Markup Language (SAML) authentication for all products. Specific user permissions may be required for different products. |
    | LDAP pass-through* | Yes | Yes | Yes | Yes | Yes | Uses common LDAP pass-through for all products |

    *LDAP authentication is supported with Remedy Single Sign-On (RSSO) only. For existing customers who are deployed with High Availability Single Sign-On services, LDAP pass-through is unavailable.

    Recommendation

    Of the supported options described in the preceding table, BMC recommends federated authentication via SAML. This option aligns with typical SaaS-based authentication mechanisms seen in the industry.

    Frequently asked questions

     Which authentication and single sign-on methods are included in the subscription versus the additional integration fee?

    All the methods described in this topic are included with the subscription fee. If the authentication or single sign-on method involves additional infrastructure, the additional integration fee is required. Additionally, the integration is your responsibility and could require an implementation statement of work.

     I have multiple LDAP sources. Is this configuration covered with the subscription, or do I require the additional integration fee?

    Multiple LDAP sources can be configured in the system and do not require an additional integration fee. Additionally, the integration is your responsibility and could require a new statement of work.

    6 Comments


    2. Can BMC RoD connect to multiple domains in a single AD and pull the people information?

      Can BMC RoD authenticate users on multiple domains in a single AD?

      Can BMC RoD connect to multiple ADs to pull in people data?


      Regards

      Deepak

      1. Hi Deepak - connecting to multiple domains from a single AD or connecting to multiple ADs can be done as a customization (usually done by your onboarding team). Authenticating from multiple domains on a single AD is also possible although our preferred method is for you to authenticate via SAMLv2. Please let me know if you have any further questions.

        1. Hi Martha,

          Thanks. I understand the recommendation of authentication using SAMLv2. How do we fulfill the requirement of fetching people data from AD and syncing with ITSM every day in this case? A detailed explanation would help.


          Regards

          Deepak

    3. Hi Deepak,

       There are multiple options to achieve that.

      Most commonly the standard people data integration is used as a base, but you build out multiple versions of it, one for each LDAP Directory. If the directories are located in different firewall zones/different companies/networks, you will need to configure one so-called Client Gateway per firewall zone/company/network to establish an encrypted tunnel between the Remedy servers in our datacenter and the LDAP directory. See: People data integration

      You could also extract the People Data from your LDAP directory into a CSV file and upload it to our datacenter using an FTP site. After which the standard people dataload job can be modified to load the data from the CSV file into Remedy. See: Managed file transfer process

      This is a standard activity taken care of by the onboarding team from BMC Consulting Services or a trusted partner, and is normally very straightforward.