This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.


This glossary defines terms that are relevant to BMC Helix Single Sign-On. Because the content comes from the Common Glossary, it might include definitions common to other BMC products and solutions.

Most commonly used terms in BMC Helix SSO

A user who has access to the BMC Helix SSO Admin Console.

A collection of user actions during a certain period of time. In BMC Helix SSO, you can enable audit for end-user and administrator actions.

A process of recognizing a user's identity. When users specify their credentials and successfully log in to the system, they are authenticated. Authentication defines who the user is.
A flow that is used to authenticate users. An authentication method affects the log-in and log-out experience. The examples of the authentication methods in BMC Helix SSO are Kerberos, LDAP, OpenID Connect, etc.
A process of giving someone permissions to access an area within a computer system. Authorization defines what users can access.
A fallback mechanism that enables you to invoke extra authentication methods if the primary authentication fails.
Serves as a centralized location for users to access the BMC applications integrated with BMC Helix SSO. The previous name of the DSM pageLaunchpad.
An identification string that defines a realm of administrative autonomy, authority, or control within the internet. For example, .com.

The term end user refers to everyone who logs in to the application integrated with BMC Helix SSO, including local users.

domain name that specifies the exact location of the domain in the tree hierarchy of the Domain Name System (DNS). For example,

A configuration that implies communication between multiple BMC Helix SSO servers and one or more applications through a load balancer. The load balancer reduces the load on the BMC Helix SSO servers and supports continuous working of BMC Helix SSO if one or more BMC Helix SSO servers are not available.

A third-party system that provides users. The example of the IdP in BMC Helix SSO is Active Directory.

A network authentication protocol that works on the basis of tickets to allow nodes that communicate over a non-secure network to prove their identity to one another in a secure manner. 

The term local user (local user or local administrator) refers to a user who is created and stored locally on the BMC Helix SSO server, not on an external identity provider.

A software architecture in which a single application instance serves multiple tenants and provides data isolation between tenants. In BMC Helix SSO, a tenant that has a full access to the BMC Helix SSO application and configuration of other tenants is called the SaaS tenant.

A security component of BMC Helix SSO that takes part in an authentication process. A realm defines whether a user is authenticated through the identity provider, and provides this data to the application. A realm is specific only for BMC Helix SSO. Realms must be created and configured separately for each tenant.

A standalone BMC product that enables users to log in to multiple applications within an organization by using a single ID and password. The main components of BMC Helix SSO are the BMC Helix SSO agent and the BMC Helix SSO server.

A component of BMC Helix SSO that sets up an integration between the BMC Helix SSO application and other BMC applications.

A user who has full rights to create, activate, delete, or temporarily deactivate other SaaS administrators, tenant administrators, and tenants in BMC Helix SSO. Users with this role can view and change the configuration of any tenant registered on the BMC Helix SSO server.

An XML based framework for describing and exchanging security information between online business partners. In BMC Helix SSO, SAML is used as an authentication protocol.
In the BMC Helix SSO context, BMC Helix SSO functions as a service provider and uses the data provided by the identity provider to authenticate a user. 
A period of time during which a user is allowed to access the resource without re-entering the credentials. When BMC Helix SSO authenticates the user, a session is created.

Configuration that implies communication between one BMC Helix SSO server and multiple BMC Helix SSO agents.

A configuration instance that has its own share of data and functionality. Tenants are fully isolated from each other, but they are saved on the same BMC Helix SSO server. An example of a tenant is a separate BMC customer. For example, Bank of America and Bank of Canada are BMC customers who share a common BMC Helix SSO instance, but are conceptually separated as tenants on the BMC Helix SSO server.
A user who has full rights to manage local users for realms in their tenant.

The term user refers to everyone, including local users, local administrators, and end users.

Was this page helpful? Yes No Submitting... Thank you