This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).

To view an earlier version, select the version from the Product version menu.

Configuring Remedy SSO for applications hosted on different domains

You configure multiple domain support so Remedy SSO can provide authentication for applications hosted on different domains. For example, your application is hosted in your company data center and the Remedy SSO server is hosted in another data center, such as a BMC data center. In this scenario, the Remedy SSO agent and server must act as an OpenID Client and OpenID provider respectively.


The following Remedy SSO features are not supported for the applications for which Remedy SSO agent and server act as an OpenID client and OpenID provider respectively:

To allow applications hosted on different domains to use the same Remedy SSO server for authentication

  1. In Remedy SSO Admin Console, register an application as an OAuth2 client. For information about how to configure the OAuth2 client, see Configuring OAuth 2.0

  2. Select the openid (Scope used for OpenID connect) check box to enable the OpenID scope for this client.

  3. Configure the token timeout for the OAuth client as follows:
    1. Set the OpenID Issuer URL. The value must correspond to the sso-external-url configured in the file.
    2. Configure the Access Token Timeout value for managing the user session time.
  4. Generate the JWK Id for OAuth flow.
  5. Copy the Client ID and Client Secret generated after registering the client as OAuth2 and save them.

  6. On a server with Remedy SSO agent, configure the file as follows: 

    oauth-client-id=<Client ID>
    oauth-client-secret=<Client Secret>
  7. Save the file. 

    Remedy SSO is now configured for using OpenID connect.

Was this page helpful? Yes No Submitting... Thank you