Phased rollout


This version is currently available to SaaS customers only. It will be available to on-premises customers soon.

With BMC Helix Single Sign-On, your end users can present credentials for authentication only once in a multi software environment. Administrators enable single sign-on experience for applications, configure authentication methods, and review audit records.

Release notes and notices
updated 26 Feb

Learn what’s new or changed for BMC Helix Single Sign-On version 21.05 including new features, urgent issues, documentation updates, and fixes or patches.


To stay informed of changes to this space, place a watch on this page.

The following updates have been added since the release of the space:




May 27, 2021

BMC Helix SSO 21.05 introduces the following features:

    • Enhanced single logout

    • Support refresh tokens for OpenID Connect clients
    • Support for the Polish language
    • Ability to select a client authentication method for the token request

Setting up BMC Helix SSO administrator accounts


Manage user accounts who will have access to BMC Helix SSO.

Configuring the BMC Helix SSO server


Configure the maximum session time for end users, enable the account lockout for administrators and audit records.

Setting up end user authentication


Configure authentication of end users through a specified authentication method.



Set up administrator accounts, activate tenants, and secure sensitive data.



Resolve common issues or errors, review logs, or contact BMC Customer Support.

Product trials

Product trials



Knowledge Base

Knowledge Base



PDFs and videos

This topic describes and links to PDFs, videos and other documents that support this product release. If the ready-made PDFs of this space do not satisfy your requirements, you can export a custom PDF.


When you export a custom PDF, you can select the topics to include. For information about how you can export a custom PDF from this space, see Exporting to PDF and other formats.

Ready-made PDFs of this space

or register to view the contents of this page.


The following table lists topics that contain videos that supplement or replace the text-based documentation.


Frequently asked questions

Here are some answers to the most frequently asked questions about the BMC Helix Single Sign-On product.

Related topics

Frequently asked questions about BMC Helix Single Sign-On

Identity providers do not automatically notify BMC Helix SSO about the password change. Hence, an end user's BMC Helix SSO session remains active until it expires, and is not revoked after password change on IdP. To force the logoff, and receive the request for entering a new password, an end user needs to ask a BMC Helix SSO administrator to delete all active sessions/OAuth of this end user.

You can change your password in the BMC Helix SSO Admin Console, in the Admin User Management. To change your password, select your user account name, and then edit your password as required. See Setting up BMC Helix SSO administrator accounts for more details about how to change the password of an administrator.

You can obtain the BMC Helix SSO server version information through the <RSSO Server>/config/server-status URL. You must be authenticated as a BMC Helix SSO administrator before that.

Yes, you can do this.

If the OpenID Issuer URL is configured for the OAuth 2.0, developers of third-party applications can retrieve the OAuth metadata from the BMC Helix SSO server by using the following autodiscovery URL: RSSO_host:RSSO_port/rsso/.well-known/openid-configuration.

Running this request in the browser window returns details about the OpenID Connect provider's configuration, including the URIs of the authorization, token, revocation, userinfo, and public-keys endpoints.

Multi-factor authentication is not implemented on the BMC Helix SSO side. BMC Helix SSO only supports scenarios where the Identity Provider that is configured in BMC Helix SSO for authentication has configured multi-factor authentication.

For example, if your application is integrated with the BMC Helix SSO server that is configured to use the SAML protocol to authenticate users accessing an application, then for the end users to pass the authentication flow, multi-factor authentication must be enabled and configured on the SAML Identity Provider.


You can enable audit records for end-user events in the BMC Helix SSO Admin Console > General > Advanced > select the End-user events check box.


Was this page helpful? Yes No Submitting... Thank you