This documentation supports the 19.05 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.

Remedy SSO architecture

This topic provides the basic model of the Remedy Single Sign-On architecture and describes the Remedy SSO components.

Remedy SSO architecture model 

The following diagram shows the Remedy Single Sign-On (Remedy SSO) architecture, and includes the following details:

  • Remedy Single Sign-On components
  • BMC applications that can be integrated with Remedy SSO
  • Third-party components

Remedy SSO architecture

End users access applications for which single sign-on experience is enabled. 

Remedy SSO components

The following table provides information about the major components of Remedy SSO.


Remedy SSO web application

Authenticates users and gets validation requests from Remedy SSO agents. If authentication succeeds, the Remedy SSO web application generates authentication tokens and stores them in the Remedy SSO database. The Remedy SSO web application then processes the authentication response by allowing or denying the authentication request.

Remedy SSO database

Remedy SSO uses the database for storing the following details:

  • Configuration and authentication data including server settings, tenants, realms and authentication configuration, OAuth settings, etc.
  • Sessions data such as Remedy SSO authentication tokens, OAuth access, and refresh tokens.

With one database, all Remedy SSO server nodes can share the configuration and authentication data and work as a high-availability cluster.

Remedy SSO Admin Console

Provides an interface for accessing the Remedy SSO web application. Remedy SSO administrators perform tasks required to set up authentication and configure the Remedy SSO server from the Remedy SSO Admin Console.

Identity provider (IdP)

Stores users and user groups information.

Identity providers are external systems, such as Active Directory, Okta, Oracle Access.

Remedy SSO components required for integration with BMC applications


Remedy SSO agent

Filters protected resources from unauthenticated requests. When the Remedy SSO agent detects an unauthenticated request, it redirects the user to the Remedy SSO server web application. The agent defines the right realms for the users depending on their domains. It also defines the right server to communicate in a multi server environment.

BMC Mid Tier Remedy SSO authenticator plug-in

Validates the token from the user request and extracts user information from the context. It then passes the information to the Remedy AR System through the BMC Remedy Mid Tier authentication infrastructure. The authentication request is then processed on the Remedy AR System side by the Remedy SSO AREA plug-in.

Remedy SSO AREA plug-in

Gets user information from the BMC Remedy Mid Tier API call as an authentication token and then makes a REST API call to the Remedy SSO web application to verify the token's validity.

Was this page helpful? Yes No Submitting... Thank you