The authentication integration service allows customers to authenticate their BMC Helix environments by standard external authentication systems via the Security Assertion Markup Language (SAML) protocol and Open ID Connect flow.
Security Assertion Markup Language (SAML)
The following table describes when you might use specific authentication requests. You can choose to select this service during your initial onboarding project or at a later date by submitting a case through Support Central.
|Requestable offering name
|When to use this offering type
|SAML 2.0 SSO Federated Authentication Request
|Use this request to authenticate your Helix environments by using your existing standard authentication systems.
Configure external authentication with one of the following customer-preferred authentication sources:
- Security Assertion Markup Language (SAML) V2.0 using Active Directory Federation Services (ADFS) 2.0 or 3.0
- SAML V2.0 using a third-party product (for example, Ping Identity, Shibboleth, and so on)
If you are upgrading or changing your identity provider, you must submit a Request a Change to BMC SaaS Operations through your Support Central portal.
The development/tailoring, quality assurance, and production environments are all involved in the authentication process. Additional environments, if purchased, may be involved as well.
If you require BMC assistance for SAML-based authentication, you must submit your metadata file to BMC SaaS Operations via a support ticket. BMC will work with your technical contact to provide you with the service provider metadata that you must configure in your environment. This configuration requires active involvement with your authentication subject matter expert.
See Authentication options for a more detailed description of the available options.
OpenID Connect Authentication Flow
Add a realm for the OpenID Connect authentication and configure its general settings. Learn how to add and configure realms in .
To configure OpenID Connect authentication:
7. Click Save.
URLs to endpoints can include additional query parameters.