Authentication integration

The authentication integration service allows customers to authenticate their BMC Helix environments by standard external authentication systems via the Security Assertion Markup Language (SAML) protocol and Open ID Connect flow.

 Security Assertion Markup Language (SAML)

The following table describes when you might use specific authentication requests. You can choose to select this service during your initial onboarding project or at a later date by submitting a case through Support Central.

Requestable offering nameWhen to use this offering type
SAML 2.0 SSO Federated Authentication RequestUse this request to authenticate your Helix environments by using your existing standard authentication systems.

Configure external authentication with one of the following customer-preferred authentication sources:

  • Security Assertion Markup Language (SAML) V2.0 using Active Directory Federation Services (ADFS) 2.0 or 3.0
  • SAML V2.0 using a third-party product (for example, Ping Identity, Shibboleth, and so on)

If you are upgrading or changing your identity provider, you must submit a Request a Change to BMC SaaS Operations through your Support Central portal.


The development/tailoring, quality assurance, and production environments are all involved in the authentication process. Additional environments, if purchased, may be involved as well.

Required documentation

If you require BMC assistance for SAML-based authentication, you must submit your metadata file to BMC SaaS Operations via a support ticket. BMC will work with your technical contact to provide you with the service provider metadata that you must configure in your environment. This configuration requires active involvement with your authentication subject matter expert.

See Authentication options for a more detailed description of the available options.

OpenID Connect Authentication Flow

Add a realm for the OpenID Connect authentication and configure its general settings. Learn how to add and configure realms in Adding and configuring realms Open link .

To configure OpenID Connect authentication:

7. Click Save.


URLs to endpoints can include additional query parameters. 

Was this page helpful? Yes No Submitting... Thank you


  1. Nevenka Missaghian

    As a BMC Helix Saas customer - I do not have access BMC Helix SSO Admin Console. But when I go to submit a Case Lifecycle request - Authentication Integration (SAML) I'm to upload an attachment. It would be helpful if BMC supplied a template that should be filled out.

    Jan 30, 2023 04:40
    1. Dhanya Menon

      Hello Nevenka,

      Thank you for your comment.

      For SAML Authentication, customers are expected to share the IdP metadata file. This IdP metadata is to be generated from their end and shared with BMC.



      Feb 03, 2023 12:54