This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.

OpenID Connect authentication

BMC Helix Single Sign-On provides the OpenID Connect authentication method which is built on top of the OAuth 2.0 protocol. Clients use the OpenID Connect authentication to check the identity of users. The identification is based on the authentication done at the authorization server.

OpenID Connect authentication flow

OpenID Connect authentication involves the following processes:

  1. The registered client (BMC Helix SSO) sends the authorization request to the OpenID Connect provider.
  2. The OpenID Connect provider authenticates the end user and redirects the authorization code to BMC Helix SSO.
  3. BMC Helix SSO sends a request with the authorization code to get the access token from the OpenID Connect provider.
  4. BMC Helix SSO forwards the access token to the OpenID Connect provider and requests for information about the end user.
  5. The OpenID Connect provider forwards information about the end user to BMC Helix SSO.
  6. BMC Helix SSO creates a user session.
Was this page helpful? Yes No Submitting... Thank you

Comments