Glossary

This glossary defines terms that are relevant to BMC Helix Single Sign-On. Because the content comes from the Common Glossary, it might include definitions common to other BMC products and solutions.

Most commonly used terms in BMC Helix SSO

A user who has access to the BMC Helix SSO Admin Console.

A collection of user actions during a certain period of time. In BMC Helix SSO, you can enable audit for end-user and administrator actions.

A process of recognizing a user's identity. When users specify their credentials and successfully log in to the system, they are authenticated. Authentication defines who the user is.
A flow that is used to authenticate users. An authentication method affects the log-in and log-out experience. The examples of the authentication methods in BMC Helix SSO are Kerberos, LDAP, OpenID Connect, etc.
A process of giving someone permissions to access an area within a computer system. Authorization defines what users can access.
A fallback mechanism that enables you to invoke extra authentication methods if the primary authentication fails.
Serves as a centralized location for users to access the BMC applications integrated with BMC Helix SSO. The previous name of the DSM pageLaunchpad.
An identification string that defines a realm of administrative autonomy, authority, or control within the internet. For example, .com.

The term end user refers to everyone who logs in to the application integrated with BMC Helix SSO, including local users.


domain name that specifies the exact location of the domain in the tree hierarchy of the Domain Name System (DNS). For example, www.docs.bmc.com.

A third-party system that provides users. The example of the IdP in BMC Helix SSO is Active Directory.


A network authentication protocol that works on the basis of tickets to allow nodes that communicate over a non-secure network to prove their identity to one another in a secure manner. 


The term local user (local user or local administrator) refers to a user who is created and stored locally on the BMC Helix SSO server, not on an external identity provider.


A security component of BMC Helix SSO that takes part in an authentication process. A realm defines whether a user is authenticated through the identity provider, and provides this data to the application. A realm is specific only for BMC Helix SSO. Realms must be created and configured separately for each tenant.

A standalone BMC product that enables users to log in to multiple applications within an organization by using a single ID and password. 

A user who has full rights to create, activate, delete, or temporarily deactivate other SaaS administrators, tenant administrators, and tenants in BMC Helix SSO. Users with this role can view and change the configuration of any tenant registered on the BMC Helix SSO server.

An XML based framework for describing and exchanging security information between online business partners. In BMC Helix SSO, SAML is used as an authentication protocol.
In the BMC Helix SSO context, BMC Helix SSO functions as a service provider and uses the data provided by the identity provider to authenticate a user. 
A period of time during which a user is allowed to access the resource without re-entering the credentials. When BMC Helix SSO authenticates the user, a session is created.

A configuration instance that has its own share of data and functionality. Tenants are fully isolated from each other, but they are saved on the same BMC Helix SSO server. An example of a tenant is a separate BMC customer. For example, Bank of America and Bank of Canada are BMC customers who share a common BMC Helix SSO instance, but are conceptually separated as tenants on the BMC Helix SSO server.
A user who has full rights to manage local users for realms in their tenant.

The term user refers to everyone, including local users, local administrators, and end users.

Was this page helpful? Yes No Submitting... Thank you

Comments