This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).

To view an earlier version, select the version from the Product version menu.


When you have Remedy Single Sign-On server installed or upgraded, and Remedy Single Sign-On agent installed for all integrated applications, you can proceed with administering tasks. 

This section contains information about configuring Remedy SSO for various authentication types, and other administrative tasks such as configuring branding details or viewing user sessions.

Administering tasks for Remedy SSO subscribers

The following task applies to you if you have the permissions of a tenant administrator on the Remedy SSO server: 

Create, edit and delete users and groups for realms with local authentication type

Configuring Local authentication

Administering tasks for Remedy SSO on-premises users

The following tasks apply to you if you have the permissions of a SaaS administrator in the Remedy SSO Admin Console: 


Create internal administrators (SaaS administrators and tenant administrators) with access to the Remedy SSO Admin Console.

Setting up Remedy SSO administrator accounts

Set up multiple tenants on the Remedy SSO server.

Activating tenants

Configure the following settings on the Remedy SSO server:

  • General settings—cookie domain, session settings, and server logging
  • Advanced settingscookie name, service URL, and service provider options for SAML authentication
  • Admin authentication settings—Enable authentication for internal administrator users, and configure access toRemedy SSO Admin Console for users from an external LDAP directory.
Configuring the Remedy SSO server

Configure Remedy SSO for end user authentication:

  • Add and configure authentication for realms
  • Enable AR authentication for bypass
  • Enable Remedy SSO to authenticate applications in iframes
  • Rebrand the Remedy SSO end user login page
  • Set up the user ID transformation
  • Enable and configure authentication chains for a realm
Setting up end user authentication
Create, edit and delete users and groups for realms with local authentication type.

Configuring Local authentication

Configure OAuth 2.0 protocol for one or more of the following tasks:

  • Register OAuth 2.0 native client applications
  • Register OAuth 2.0 non-native client applications
  • Set up token timeout for client applications
  • Generate JWKs for OAuth 2.0 flow
  • View and delete tokens of active user sessions
Configuring OAuth 2.0

Enable single sign-on experience for applications hosted on different domains.

Configuring Remedy SSO for applications hosted on different domains

Enable single sign-on experience for applications cross-launched from a different Remedy SSO server.

Enabling cross launch for applications integrated with different Remedy SSO servers

Configure the start page for applications protected by Remedy SSO.

Adding applications to the Digital Service Management page

Create a backup of the Remedy SSO server before upgrade.

Restore the Remedy SSO configuration from backup.

Importing and exporting Remedy SSO server configuration
Kill end users sessions.Invalidating and configuring end user sessions

The following tasks apply to you if you have read and write permissions for the file system on servers with  Remedy SSO server and  Remedy SSO agents:


Configure the file on the servers with applications integrated with Remedy SSO.

Configuring Remedy SSO agent

Transfer data between two Remedy SSO servers.

Transferring data between Remedy SSO servers

Was this page helpful? Yes No Submitting... Thank you