This documentation supports the 20.02 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.

Configuring LDAP authentication

You can configure Remedy SSO server to authenticate end users through the Lightweight Directory Access Protocol (LDAP). You can also configure LDAP authentication for external administrators, see Configuring the Remedy SSO server for details.

Remedy SSO supports strong LDAP bind with Simple Authentication and Security Layer (SASL). In SASL, a challenge-response authentication protocol enables data exchange between the client and the server. Data exchange supports authentication and establishes a security layer for communications.

LDAP v3 also uses SASL for pluggable authentication. By using pluggable authentication, you can select an authentication mechanism that enables a strong bind. For example, a mechanism such as External with SSL and client certificate establishes a strong bind. The mechanism gets the client certificate from the client (browser), and passes it to Remedy SSO server. The client certificate is then used to create an SSL connection to the LDAP server.

Remedy SSO supports providing additional information about LDAP users and groups. The additional information can be used by an integrated application such as TrueSight Orchestration (formerly BMC Atrium Orchestrator) for administration and authorization.


Remedy SSO does not follow LDAP referrals. 

Related blogs in BMC Communities

Single Sign-On LDAP authentication

Before you begin

  • Add a realm for LDAP authentication. For information about how to add a realm, see Adding and configuring realms.
  • You must have the LDAP server configured.
  • Obtain the following information from the LDAP administrator:

    • Host name of the LDAP server
    • Port number of the LDAP server
    • Distinguished name of the bind LDAP user
    • Password of the bind LDAP user
    • Starting location within the LDAP directory for performing user searches
    • User attribute on which search is performed.
  1. (Optional) Click Test to verify the settings.

Related videos

Watch the video on how to configure LDAP in Remedy SSO.


The following video shows an older version of Remedy SSO. Although there might be minor changes in the user interface, the overall functionality remains the same.

Where to go from here

To enable authentication chaining mode for the realm, see Enabling authentication chaining mode.

To enable AR for bypassing authentication, see Enabling AR authentication for bypassing other authentication methods.

To transform the User ID value, see Transforming User ID to match Login ID.

Was this page helpful? Yes No Submitting... Thank you


  1. Jason Miller

    Both this page and the video show using a domain administrator account which is terrible practice. Most organizations require a very low level of permissions to bind and search their LDAP directory. Using an admin is overkill and dangerous.

    Jul 14, 2020 10:36
    1. Olha Horbachuk

      Hi Jason Miller. Thank you for commenting on this.

      Please configure Bind DN as in the example: CN=User, CN=Users, DC=example, DC=com. Updated the docs correspondingly.



      Jul 17, 2020 01:56