The following diagram illustrates the concept of multitenancy in BMC Helix SSO:
Tenants in this diagram represent configuration instances fully isolated from each other but physically saved on the same BMC Helix SSO server.
The SaaS tenant is a predefined tenant available on the BMC Helix SSO server. You cannot delete or modify the SaaS tenant. We do not recommend using the SaaS tenant for data segregation.
You can perform the following actions in the SaaS tenant:
Configure an OAuth client as multitenant client. For information about how to configure an OAuth client as multitenant, see Configuring OAuth 2.0. This feature is not supported in Helix deployment.
Tenant 1 and Tenant 2 are tenants of the same BMC Helix SSO server created by a SaaS administrator user. Tenant 1 administrator user can log in to the Admin Console of Tenant 1 and make changes to its configuration, and Tenant 2 administrator user can log in to the Admin Console of Tenant 2 and make changes to its configuration.
Only local user management options are available in the Admin Console of a tenant.
The SaaS administrator users can access the configuration of any tenant on the BMC Helix SSO server by switching to the Admin Console of a selected tenant.