This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

Configuring BMC Helix SSO for applications hosted on different domains

You configure multiple domain support so BMC Helix Single Sign-On can provide authentication for applications hosted on different domains. For example, your application is hosted in your company data center and the BMC Helix SSO server is hosted in another data center, such as a BMC data center. In this scenario, the BMC Helix SSO agent and server must act as an OpenID Client and OpenID provider respectively.

Important

The following BMC Helix SSO features are not supported for the applications for which the BMC Helix SSO agent and server act as an OpenID client and OpenID provider respectively:

To allow applications hosted on different domains to use the same BMC Helix SSO server for authentication

  1. In the BMC Helix SSO Admin Console, register an application as an OAuth2 client. For information about how to configure the OAuth2 client, see Configuring OAuth 2.0.

  2. Select the openid (Scope used for OpenID Connect) check box to enable the OpenID scope for this client.

  3. Configure the token timeout for the OAuth client as follows:
    1. Set the OpenID Issuer URL. The value must correspond to the sso-external-url configured in the rsso-agent.properties file.
    2. Configure the Access Token Timeout value for managing the user session time.
  4. Generate the JWK Id for OAuth flow.
  5. Copy the Client ID and Client Secret generated after registering the client as OAuth2 and save them.

  6. On a server with the BMC Helix SSO agent, configure the rsso-agent.properties file as follows: 

    multi-domain-support=true
    oauth-client-id=<Client ID>
    oauth-client-secret=<Client Secret>
  7. Save the rsso-agent.properties file. 

    BMC Helix SSO is now configured to use OpenID Connect.

    Important

    If you are using the Chrome browser version 80 and later, you must enable the cross-site cookie in the Advanced settings of the BMC Helix SSO server. For more information about this setting, see Configuring settings for the BMC Helix SSO server.

    You also need to enable this setting if you are using Chrome browser version 79 or earlier and have the SameSite by default cookies option enabled for the browser.
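
The following pre-deployment check for the agent settings from steps 3 and 6 is an added example, not BMC code. It assumes plain key=value lines in rsso-agent.properties and that you pass in the OpenID Issuer URL you entered in the Admin Console; the function names, the sample values, and the file-permission check are assumptions added here.

```python
from urllib.parse import urlsplit

REQUIRED = ("sso-external-url", "multi-domain-support",
            "oauth-client-id", "oauth-client-secret")

def parse_properties(text):
    """Parse plain key=value lines, skipping blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def normalize_url(url):
    """Reduce a URL to (scheme, host, port, path) for comparison."""
    u = urlsplit(url.strip())
    return (u.scheme.lower(), (u.hostname or "").lower(), u.port, u.path.rstrip("/"))

def check_agent_config(text, issuer_url, file_mode=None):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    mds = props.get("multi-domain-support")
    if mds and mds.lower() != "true":
        findings.append("multi-domain-support is not set to true")
    for key in ("oauth-client-id", "oauth-client-secret"):
        value = props.get(key, "")
        if value.startswith("<") and value.endswith(">"):
            findings.append(f"{key} still holds the documentation placeholder")
    ext = props.get("sso-external-url")
    if ext and normalize_url(ext) != normalize_url(issuer_url):
        findings.append("sso-external-url does not match the OpenID Issuer URL")
    # Assumption (not from the page): the file holding the client secret
    # should not be accessible to "other" users on the agent host.
    if file_mode is not None and file_mode & 0o007:
        findings.append("file is accessible to other users")
    return findings

if __name__ == "__main__":
    # Constructed sample content; hostnames and credentials are made up.
    sample = ("sso-external-url=https://sso.example.com/rsso\n"
              "multi-domain-support=true\n"
              "oauth-client-id=<Client ID>\n"
              "oauth-client-secret=constructed-secret\n")
    for finding in check_agent_config(sample, "https://sso.example.com/rsso/", 0o644):
        print("FINDING:", finding)
```

To check a real file, pass its contents as text and `os.stat(path).st_mode` as file_mode.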
