This section contains information about enhancements in Remedy Single Sign-On version 19.11.
Remedy Single Sign-On enhancements
Remedy SSO 19.11 is available only to BMC Helix subscribers (SaaS).
Remedy SSO in multitenant mode
Starting with this release, Remedy SSO is supported in multitenancy mode in which a single application instance serves multiple tenants and guarantees data isolation between tenants. For more information about multitenancy for Remedy SSO, see Remedy SSO multitenancy.
By default, SaaS tenant is created when Remedy SSO server is installed. After upgrade, all configuration available on the Remedy SSO server belongs to a single default SaaS tenant. You can enable multitenancy for Remedy SSO server by adding customer tenants and configuring them as required. For information about how to add tenants, see Activating tenants.
Multitenancy for OAuth clients
OAuth 2.0 has been updated to support multitenancy for non-native clients. You can set a non-native client as multitenant by configuring the Multi-Tenant client and Tenant Name options for this client application. For more information about how to add non-native multitenant clients, see Configuring OAuth 2.0.
New roles and permissions for using Remedy SSO
After upgrade, all Remedy SSO administrators automatically become SaaS administrators.
As a SaaS administrator, you have full administrative permissions to configure the default SaaS tenant on the Remedy SSO server, create tenant administrator users, and configure customer tenants.
As a tenant administrator, you can log in to your tenant on the Remedy SSO server, and perform actions required to manage local users by realms. For more information about roles and permissions on the Remedy SSO server, see Roles and permissions.
In earlier versions of Remedy SSO, in order to revoke an end user session on the Remedy SSO server and prevent automatic login to the application after the page refresh, end users had to log out from all integrated with Remedy SSO applications that were sharing a current session of the end user. For more information about logout experience for end users, see Login and logout experience for end users.
Starting with release, Remedy SSO administrators can enable the Single Log Out option for a realm to configure a global logout across all applications that are sharing a user session created through this realm. For more details about this option, see Adding and configuring realms.
Remedy SSO has been enhanced to support Oracle SE 11 (LTS). For more information about system supportability, see System requirements.
What else changed in this release
In this release, note the following significant changes in the product behavior:
Product behavior in versions earlier than 19.11
Product behavior in version 19.11
A native client secret, which is generated when the native client is registered, can be changed at a later time.
There was no possibility to change a secret of a native client.
After registering an OAuth native client, the Remedy SSO administrator can edit the native client secret which is saved in the Native Client Secret field. For information about how to register a native client, see Configuring OAuth 2.0.
Remedy SSO administrators might need to edit the native client secret if they want to share the same secret between several OAuth native clients.
|The consent page is displayed only for OAuth non-native clients in an Authorization code flow in which an end user is involved.||The consent page was displayed when the OAuth client 2.0 was registered as a native client.||The consent page is not shown when an OAuth 2.0 client is registered as a native client.|
|Data transfer tool has been enhanced to import new entities.||Data transfer tool supported import of realms and OAuth clients.||In addition to the old behavior, the data transfer tool has been enhanced to support import of tenants. For more information about how you can import data from one server to another server, see Transferring data between Remedy SSO servers.|