22.1 enhancements and patches
Review the BMC Helix Single Sign-On 22.1 enhancements for features that will benefit your organization and to understand changes that might impact your users.
BMC Helix Single Sign-On enhancements
Revamped BMC Helix SSO Admin Console user interface
You can now use the unified and intuitive BMC Helix SSO Admin Console user interface built on the BMC Adapt framework. As part of the revamped web application, you can apply dark mode to a product name. For more information, see Rebranding the end user login page.
New login page
Disable BMC Helix SSO cookie sharing in a single domain
Block access to the BMC Helix SSO cookie from other applications on the same host by restricting the scope to the
/rsso path attribute. This limitation prevents unauthorized access to the cookie, which boosts security. The path-specific cookie is enabled in the BMC Helix SSO Admin Console. For more information, see Configuring settings for the BMC Helix SSO server.
Verify access tokens issued by external clients
As a SaaS administrator, you can enable Auth Proxy, which acts as an OAuth client, to validate access tokens issued for external clients. For more information about OAuth clients, see Configuring OAuth 2.0.
Generate auto refreshable access tokens
Configure the BMC Helix SSO agent to generate auto refreshable tokens that enable infinite user session that remain active for a specific timeout. These tokens are available for configuration in the BMC Helix SSO agent and on the server via the BMC Helix SSO Admin Console. For more information, see Automatically extending OAuth 2.0 user sessions by enabling refresh tokens.
What else changed in this release
In this release, note the following significant changes in the product behavior:
Product behavior in versions earlier than 22.1
Product behavior in version 22.1 and later
|The JSON inputs for the self-service configuration option were updated with new fields and check boxes (IdPs). This improvement was made within the scope of the BMC Helix Digital Workplace Admin Console user interface built on the BMC Adapt framework.
|A self-service configuration UI was implemented as a field for JSON input.
A self-service configuration UI represents updated fields and accessible check boxes.
|A SaaS administrator with restricted and read-only access can modify the server log level in the tenant.
|Modifying the server log level was available only for the SaaS administrator with full permissions.
|Modifying the server log level is also available for SaaS administrators with restricted and read-only access.