Unsupported content


This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Remedy SSO architecture

This topic provides the basic model of the Remedy Single Sign-On architecture and describes the Remedy SSO components.

After integration with Remedy SSO, end users can securely authenticate with multiple BMC applications by using just one set of credentials. For example, Allen logs in to BMC Digital Workplace, browses a catalog and opens a knowledge article that contains a link to BMC Helix Business Workflows with more details about this article. Allen accesses BMC Helix Business Workflows without repeated credentials provision.

Remedy SSO architecture model 

The following diagram shows the Remedy Single Sign-On (Remedy SSO) architecture, and includes the following details:

  • Remedy Single Sign-On components
  • BMC applications that can be integrated with Remedy SSO
  • Third-party components

Remedy SSO architecture

Remedy SSO components

The following table provides information about the major components of Remedy SSO.


Remedy SSO web application

Authenticates users and gets validation requests from Remedy SSO agents. If authentication succeeds, the Remedy SSO web application generates authentication tokens and stores them in the Remedy SSO database. The Remedy SSO web application then processes the authentication response by allowing or denying the authentication request.

Remedy SSO database

Remedy SSO uses the database for storing the following details:

  • Configuration and authentication data including server settings, tenants, realms and authentication configuration, OAuth settings, etc.
  • Sessions data such as Remedy SSO authentication tokens, OAuth access, and refresh tokens.

With one database, all Remedy SSO server nodes can share the configuration and authentication data and work as a high-availability cluster.

Remedy SSO Admin Console

Provides an interface for accessing the Remedy SSO web application. Remedy SSO administrators perform tasks required to set up authentication and configure the Remedy SSO server from the Remedy SSO Admin Console.

Identity provider (IdP)

Stores users and user groups information.

Identity providers are external systems, such as Active Directory, Okta, Oracle Access.

Remedy SSO components required for integration with BMC applications

To achieve successful integration with BMC applications, ensure that you have configured the following Remedy SSO components:


Remedy SSO agent

Filters protected resources from unauthenticated requests. When the Remedy SSO agent detects an unauthenticated request, it redirects the user to the Remedy SSO server web application. The agent defines the right realms for the users depending on their domains. It also defines the right server to communicate in a multi server environment.

BMC Mid Tier Remedy SSO authenticator plug-in

Validates the token from the user request and extracts user information from the context. It then passes the information to the Remedy AR System through the BMC Remedy Mid Tier authentication infrastructure. The authentication request is then processed on the Remedy AR System side by the Remedy SSO AREA plug-in.

Remedy SSO AREA plug-in

Gets user information from the BMC Remedy Mid Tier API call as an authentication token and then makes a REST API call to the Remedy SSO web application to verify the token's validity.

Was this page helpful? Yes No Submitting... Thank you