Configuring Local User Management authentication

This topic provides information about Local User Management Authentication. It contains the following topics:

Local User Management authentication

Local Users Management authentication is a simple light-weight user store which is not supposed to be a corporate-wide authentication provider. It is not designed as a high performance authentication provider to support group policies, password expiration, and so on. It allows creating realm specific user stores which can be used for different purposes. For example, in multi-tenant environments, it can be used to configure admin privileges for different tenants using different user accounts belonging to appropriate realms. 

Typical use cases for Local User Management authentication:

• when using local users for applications requiring several user accounts
• when corporate identity providers are not available
• for testing purposes

You should consider other authentication types in case you are designing corporate-wide authentication for a high workload.

Local User Management workflow

Remedy Single Sign-On (Remedy SSO) provides you the facility to authenticate local users. A local user represents an individual user who accesses the protected application. The local users are assigned to groups (roles). Groups (roles) represents the groups or roles in your organization and is used to control user access to a BMC application. 

If a BMC application supports using Remedy SSO for local user authentication, then you should perform the following tasks in Remedy SSO:

• Add local users to the appropriate realm.
• Create the groups (roles) needed by your organization.
• Assign users to the appropriate groups (roles).
• Configure Remedy SSO to use local user management authentication.

Managing Users using Local User Management

The Local User Management window allows to you add local users and groups (roles) to a realm. In addition, you can also assign users to groups (roles).

You can add, search for, edit, and delete users. You can also change user passwords.

To add a user using Local User Management

1. Log in to the Remedy SSO Admin console.

2. Click the Local User Management tab > Users.

3. For Users, from the Realm drop down list, select a realm.

4. Click Add User.

5. Complete the following fields:

   Field	Description
   Login Name	Enter the user's login name. The Login name is case insensitive. Note: You cannot modify the login name after it is created.
   User Name	Enter the user's full name.
   Password	Enter the user's password. The password length must be minimum 8 characters. There are no requirements for password complexity. Do not use space as the first or the last character of the password. Spaces are allowed between the first and the last character.
   Confirm Password	Reenter the user's password.
   Description (Optional)	Provide a description of the user.
   Enabled (Optional)	Select this option to enable or disable a user in the BMC application. If you disable a user, ensure that you invalidate the old sessions or OAuth2 tokens (if any) of the user. For more information, see Invalidating and configuring end user sessions.

6. Click Add.

To edit a user using Local User Management

1. Log in to the Remedy SSO Admin console.

2. Click the Local User Management tab > Users.

3. For Users, from the Realm drop-down list, select a realm.

4. Locate the user and click Edit in the Action column.

   Note

   If you disable the user who is currently logged into a BMC application, the user remains logged in. Ensure that you invalidate the old sessions or OAuth2 tokens (if any) of the user. For more information, see Invalidating and configuring end user sessions.

5. Make your changes and click Save.

To delete a user using Local User Management

1. Log in to the Remedy SSO Admin console.

2. Click the Local User Management tab > Users.

3. For Users, from the Realm drop-down list, select a realm.

4. Locate the user, click Delete in the Action column, and confirm the deletion.

To change the user password 

1. Log in to the Remedy SSO Admin console.

2. Click the Local User Management tab > Users.

3. For Users, from the Realm drop-down list, select a realm.

4. Locate the user and click Change Password in the Action column.
5. Enter the new password, then enter the password again in the Confirm Password field.
6. Click Change Password.
7. Invalidate the old user sessions and OAuth2 tokens (if any).

To search for a user

1. Log in to the Remedy SSO Admin console.

2. Click the Local User Management tab > Users.

3. In the Users tab search field enter the search criteria using the following format and then press Enter.
   text=<searchText/*> AND enabled=<true/false/*>

The following table describes how to use the search criteria:

Managing Groups or Roles

From the Group (Roles) tab, you can add groups (roles) to a realm, add users to groups (roles), and remove users from groups (roles).

To add group (roles) to a realm

1. Log in to the Remedy SSO Admin console.
2. Click the Local User Management tab > Group (Roles).
3. For Group (Roles), from the Realm drop down list, select a Realm.

4. Click Add Group (Role).

5. Complete the following fields:

   Field	Description
   Group (Role) Name	Enter the group (role) name. Notes: Do not use a slash (/ or \) in the group name. You cannot modify the group (role) name after it is created.
   Description	Enter a description for the group (role) name.

6. Click Save in the Action column.

To add users to or remove users from a role

1. Log in to the Remedy SSO Admin console.
2. Click the Local User Management tab > Group (Roles).
3. For Group (Roles), from the Realm drop down list, select a Realm.
4. Locate the group (role) and click Assign/Remove User(s) in the Action column.
5. Use the appropriate procedure to assign or remove users to or from the group (role).
   
   • To assign users to a group (role)
     
     • In the Available Users column, select one or more users and click Assign to move the users to the Assigned users column.
     • To assign all users in the list, select the top check box in the Available users column, and click Assign to move the users to the Assigned users column.
     • Search for users in the Search field of the Available users column, select them, and click Assign to move them to the Assigned users column.
   • To remove users from a group (role)
     
     • In the Assigned User column, select one or more users and click Remove to move the users to the Available users column.
     • To remove all users in the list,select the top check box in the Assigned users column, and click Remove move the users to the Available users column.
     • Search for users in the Search field of the Assigned users column, select them, and click Remove to move them to the Available users column.
6. Click Done.

To configure Remedy SSO for Local User Management Authentication

1. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.

2. In the Authentication Type field, click Local.

3. (Optional) Select the Enable AR authentication for bypass check box to enable bypass URL to authenticate against BMC Remedy AR System. For more information about enabling BMC Remedy AR System authentication for bypass, see Enabling AR authentication for bypassing other authentication methods.
4. Click Enable Chaining Mode to add another Authentication type. As Local Users Management (LUM) authentication is a simple light-weight user store, BMC suggests adding another authentication type to handle high workloads.
   
   

Related topics

Managing permissions

Installing the repository