This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).

To view an earlier version, select the version from the Product version menu.

Configuring LDAP authentication

You can configure Remedy SSO server to authenticate end users through the Lightweight Directory Access Protocol (LDAP). You can also configure LDAP authentication for external administrators, see Configuring the Remedy SSO server for details.

Remedy SSO supports strong LDAP bind with Simple Authentication and Security Layer (SASL). In SASL, a challenge-response authentication protocol enables data exchange between the client and the server. Data exchange supports authentication and establishes a security layer for communications.

LDAP v3 also uses SASL for pluggable authentication. By using pluggable authentication, you can select an authentication mechanism that enables a strong bind. For example, a mechanism such as External with SSL and client certificate establishes a strong bind. The mechanism gets the client certificate from the client (browser), and passes it to Remedy SSO server. The client certificate is then used to create an SSL connection to the LDAP server.

Remedy SSO supports providing additional information about LDAP users and groups. The additional information can be used by an integrated application such as TrueSight Orchestration (formerly BMC Atrium Orchestrator) for administration and authorization.


Remedy SSO does not follow LDAP referrals. 

Related blogs in BMC Communities

Single Sign-On LDAP authentication Open link

Before you begin

  • Add a realm for LDAP authentication. For information about how to add a realm, see Adding and configuring realms.
  • You must have the LDAP server configured.
  • Obtain the following information from the LDAP administrator:
    • Host name of the LDAP server
    • Port number of the LDAP server
    • Distinguished name of the bind LDAP user
    • Password of the bind LDAP user
    • Starting location within the LDAP directory for performing user searches
    • User attribute on which search is performed.

  1. (Optional) Click Test to verify the settings.

Related videos

Watch the video on how to configure LDAP in Remedy SSO.

Where to go from here

To enable authentication chaining mode for the realm, see Enabling authentication chaining mode.

To enable AR for bypassing authentication, see Enabling AR authentication for bypassing other authentication methods.

To transform the User ID value, see Transforming User ID to match Login ID.

Was this page helpful? Yes No Submitting... Thank you