Authentication options
Your BMC Helix service entitles you to use the BMC Helix Single Sign-On (BMC Helix SSO) application. BMC Helix SSO is provisioned by default with your service. For BMC Helix SSO product-specific documentation, see
BMC Helix Single Sign-On overview
.
BMC Helix SSO is an authentication system for a multi software environment that enables users to present credentials for authentication only once. After BMC Helix SSO authenticates the user, the user can gain access to any other configured application with automatic authentication without providing the credentials again.
This section describes the authentication options that are supported by the BMC Helix services and includes the following information:
These options range from the intrinsic, basic authentication of the AR System platform to advanced, single sign-on capability. Authentication options can also be chained, which allows combinations of these approaches to match your specific requirements.
Summary of options
The following authentication options are available for BMC Helix services:
Standard AR authentication (BMC Helix ITSM and Digital Workplace services only) - the customer may configure users to use in-app authentication by configuring login IDs and passwords for each user. Specific user permissions may be required for different products. This method is not recommended for an enterprise deployment although it is used prior to the setup of a permanent authentication implementation.
Federated authentication - BMC supports Open ID Connect and SAML authentication for all productions. BMC SaaS Operations can assist in the configuration of OIDC or SAML based on your request. See Authentication integration for details.
LDAP pass-through authentication - this method uses common LDAP pass-through for all products. Multiple LDAP sources can be configured in the system if needed. Configuration of the LDAP pass-through authentication is usually covered by your onboarding team under a separate statement of work.
Important
- BMC's preferred method of authentication is the federated authentication option via OIDC or SAML 2.0. This option aligns with typical SaaS-based authentication mechanisms seen in the industry.
- Kerberos is not supported for BMC Helix services.
- Multi-factor authentication (MFA) is not supported by BMC Helix SSO because most customers bring their own IDPs, where any type of MFA like biometrics, modern password-less authentication, or a combination of these can be used.
Comments
The Double Authentication link seems to be broken
Also Configuring Remedy SSO for authenticating users with LDAP is broken
All links updated
I think the statement on MFA is misleading and it creates the impression that MFA cannot function with Helix. To suggest something is "not supported" is to suggest that it is something you should not consider implementing. I've had someone comment to me that they believed that MFA will not work with Helix due to this statement.
This is the wording on the same subject from the SSO docs page which is a lot clearer on how this works. We should consider rewording to something like the below..........
"Multi-factor authentication is not implemented on the BMC Helix SSO side. BMC Helix SSO only supports scenarios where the Identity Provider that is configured in BMC Helix SSO for authentication has configured multi-factor authentication.
For example, if your application is integrated with the BMC Helix SSO server that is configured to use the SAML protocol to authenticate users accessing an application, then for the end users to pass the authentication flow, multi-factor authentication must be enabled and configured on the SAML Identity Provider."
Good point Howard!
Log in or register to comment.