Phased rollout


This version of the software is currently available only to early adopter SaaS customers as the first step in our phased rollout.

21.02 enhancements

Review the BMC Helix Single Sign-On 21.02 enhancements for features that will benefit your organization and to understand changes that might impact your users.

Related topics

Known and corrected issues

Release notes and notices

21.02 enhancements Open link

BMC Helix Single Sign-On enhancements

Ability to lock a local user account after unsuccessful login

A BMC Helix SSO administrator can enable account lockout if a local user enters incorrect credentials. As a BMC Helix SSO administrator, you can configure the lockout threshold and lockout interval. The locked user can be unlocked by the BMC Helix SSO administrator or automatically. For more information, see Managing local users and passwords.

Ability to force local users to reset password

As a BMC Helix SSO administrator, you can force local users to reset their password after they successfully log in to the BMC application integrated with BMC Helix SSO. For more information, see Managing local users and passwords.

What else changed in this release

In this release, note the following significant changes in the product behavior:


Product behavior in versions earlier than 21.02

Product behavior in version 21.02

Enhanced security for the BMC Helix SSO server.

Secure cookie was disabled by default.

Secure cookie is enabled by default; see Configuring settings for the BMC Helix SSO server.

A configurable option to allow a SAML session to finish simultaneously with the BMC Helix SSO session.

For the SAML authentication type, the session remained active even after the BMC Helix SSO session was over.

Option to end a SAML and BMC Helix SSO sessions simultaneously is enabled by default. For details, see

Configuring SAML 2.0 authentication.

Description field is available for the Preauthentication value of the Authentication type.No Description field was present for the Preauthentication value of the Authentication type.

Description field is displayed on the Preauthentication form by default; see Configuring preauthentication.

Ability to set custom time-out values for tokens.Token time-outs were set according to Auth global access by default.

Time-out for tokens is configurable; see Configuring OAuth 2.0.

Ability to perform authenticated sessions between applications in different security domains.Usage of several applications was restricted to those that have one common domain.Authentication is available in several applications that have different domains.

Deprecation of support for Microsoft Internet Explorer 11.

BMC Helix SSO supported Microsoft Internet Explorer 11.

As announced, support for Microsoft Internet Explorer version 11 is now deprecated. We encourage you to switch to other fully supported browsers listed for BMC Helix SSO in the BMC Solution and Product Availability and Compatibility utility Open link . For a complete list of BMC products that no longer support Internet Explorer 11, see the BMC Customer Support Communities page Open link .

Was this page helpful? Yes No Submitting... Thank you