
Solution administrators of service provider organizations can set up separate realms for their subscribers (tenants) in Atrium Single Sign-On. Solution administrators for enterprise environments can also take advantage of Atrium Single Sign-On's multitenancy support by setting up separate tenants for each department. 

Each tenant inherits the authentication properties of the user groups, roles, and authorization profiles of the BmcRealm.

Before you begin

You must have installed Atrium Single Sign-On. 

BMC Atrium Single Sign-On resources

This topic provides an overview of the steps required to set up multi-tenancy. For more detailed information, see the following topics in the Atrium Single Sign-On documentation:

Installing Atrium Single Sign-On

Enabling and disabling multi-realm support

Adding or deleting realms for multi-tenancy support

To enable multitenancy in Atrium Single Sign-On

To enable multi-tenancy in Atrium Single Sign-On, you must change the value of the allow.tenant.admin and skip.tenant.domain.check parameters to true.

  1. On the server where Atrium Single Sign-On is installed, stop the Tomcat server. 
  2. Navigate to the following directory, and open the web.xml file in a text editor: \installationDirectory\tomcat\webapps\atriumsso\WEB-INF\web.xml
  3. Update the values of the allow.tenant.admin and skip.tenant.domain.check parameters to true, and save the file.
  4. Restart the Tomcat server.
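
Because the web.xml edit is made by hand, a quick check of the saved file catches a parameter that was left false, is missing, or is declared twice with different values. The script below is an added example, not part of the BMC documentation or product. It assumes the two parameters are stored as standard servlet param-name/param-value pairs under context-param or init-param, and the names SAMPLE_WEB_XML, read_params and audit are hypothetical.

```python
import xml.etree.ElementTree as ET

# Parameter names are from the page; the web.xml layout is an assumption.
REQUIRED = ("allow.tenant.admin", "skip.tenant.domain.check")

# Constructed sample, not the product's real file: one value is still false.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <context-param>
    <param-name>allow.tenant.admin</param-name>
    <param-value>true</param-value>
  </context-param>
  <context-param>
    <param-name>skip.tenant.domain.check</param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def read_params(xml_text):
    """Map each param-name to every value declared for it in the file."""
    found = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) not in ("context-param", "init-param"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        if "param-name" in fields:
            values = found.setdefault(fields["param-name"], [])
            values.append(fields.get("param-value", ""))
    return found

def audit(xml_text):
    """Return {parameter: status} for the two multitenancy parameters."""
    found = read_params(xml_text)
    report = {}
    for name in REQUIRED:
        values = found.get(name, [])
        if not values:
            report[name] = "missing"
        elif len(set(values)) > 1:
            report[name] = "conflicting: " + ", ".join(values)
        else:
            report[name] = "ok" if values[0] == "true" else "not true: " + values[0]
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_WEB_XML).items():
        print(f"{name}: {status}")
```

To check a real installation, pass the contents of the web.xml file from step 2 to audit() instead of the sample string.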

To add a new tenant

  1. Using the amAdmin user credentials, log in to the Atrium SSO console.

  2. Access the Realm section, and select Add Realm.

  3. Enter the name to assign to the tenant realm and its domain, and click Save.

  4. Create a user in the tenant domain:
    1. Select the new realm that you just created, and select the Users tab.
    2. Select the Add button, and fill in the user ID and properties associated with that user.
    3. Select the Groups tab, and associate the user with the BMCTenantAdmin group.
    4. Click Save.

This new user can now log in to the TrueSight console. During login, the user enters userName@domain for the user name.