This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.

BMC Helix SSO multitenancy

BMC Helix Single Sign-On supports multitenancy where a single application instance serves multiple tenants and guarantees data isolation between tenants. In a multitenant mode, each tenant has its own configuration with its own list of realms, BMC Helix SSO server settings, OAuth client, sessions, administrator users, and so on.  

As a SaaS administrator, you might need to configure multiple tenants for BMC Helix SSO to isolate data within a single instance of BMC Helix SSO.


The following diagram illustrates the concept of multitenancy in BMC Helix SSO:


Tenants in this diagram represent configuration instances fully isolated from each other but physically saved on the same BMC Helix SSO server.

The SaaS tenant is a predefined tenant available on the BMC Helix SSO server. You cannot delete or modify the SaaS tenant. We do not recommend using the SaaS tenant for data segregation. 

Important

You can perform the following actions in the SaaS tenant:

Tenant 1 and Tenant 2 are tenants of the same BMC Helix SSO server created by a SaaS administrator user. Tenant 1 administrator user can log in to the Admin Console of Tenant 1 and make changes to its configuration, and Tenant 2 administrator user can log in to the Admin Console of Tenant 2 and make changes to its configuration.

Important

Only local user management options are available in the Admin Console of a tenant.

The SaaS administrator users can access the configuration of any tenant on the BMC Helix SSO server by switching to the Admin Console of a selected tenant.

Was this page helpful? Yes No Submitting... Thank you

Comments