This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.

Adding and configuring realms

As a BMC Helix Single Sign-On administrator, you add a realm for one or more application domains that need to be authenticated by using a single authentication method or a chain of several authentication methods.  

On the List of Realms page, available in the BMC Helix SSO Admin Console, you can add a new realm, or edit an existing realm if you need to add more application domains, change the authentication method for the realm, configure authentication chaining for the realm, or customize the branding page. You can also delete an existing realm when you no longer need it. 


When you delete a realm, all local users and local user groups associated with this realm are deleted as well. For information about local users and groups, see Managing local users and passwords.

The default realm

When a BMC Helix SSO server is installed, a default realm with a special character  "*" (asterisk) is available. The default realm is used for end-user authentication when BMC Helix SSO cannot identify a realm by the application URL sent in the HTTP request to the BMC Helix SSO server.

You can delete the default realm to prevent redirection to the default realm. When BMC Helix SSO cannot identify a realm, and the default realm is not available on the BMC Helix SSO server, an error message is displayed:  Realm not found.

To recreate the default realm, create a realm and set up the "*" (asterisk) for the Name and the Application Domains fields.

Before you begin

Before you add a realm, you must have the list of domain names that are required to be mapped with the realm ID.

To add a realm and configure an authentication for a realm

  1. On the Authentication tab, select a type of authentication, and fill in the required fields to configure the authentication type. For information about the authentication types, see Configuring authentication.
  2. (Optional) Perform one or more of the following steps to configure the realm as required:
    1. To transform a user ID to match the login ID, select a value from the User ID Transformation list on the Authentication tab. For information about the transformation types, see Transforming userID to match login ID.

    2. To configure BMC Helix SSO to open applications in iframes from different domains, complete the Allow From Domains field on the Authentication tab. For more information about this option, see Allowing BMC Helix SSO to open applications in iframes.

    3. To customize the login page of the realm, complete the required fields on the Branding tab. For more information about the branding options, see Rebranding the end user login page.

  3. Click Save.

To configure multiple authentications types for a realm

  1. Click the Enable Chaining Mode button on the Authentication tab, and then add and configure another authentication type for the realm. For more information about how to add authentication methods into a chain, see Enabling authentication chaining mode.


    You can configure only certain combinations of authentication types. For information about how you can chain authentications methods, see Authentication fallback and Reauthentication.

  2. (Optional) To enable authentication of users through the AR System over an external authentication, select the Enable AR authentication for bypass check box on the Authentication tab. For more information about this option, see Enabling AR authentication for bypassing other authentication methods.


    This option is not available for Local and AR authentication types.

  3. Click Save.

Was this page helpful? Yes No Submitting... Thank you