This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).

To view an earlier version, select the version from the Product version menu.

Roles and permissions

This topic describes roles and permissions for using Remedy Single Sign-On Admin Console.

User roles

As an administrator in the Remedy Single Sign-On Admin Console, you can have one of the following roles:

RoleDescription
SaaS administrator

SaaS administrator users have full rights to create, activate, delete or temporarily deactivate other tenants.  Users with this role can view and change the configuration of any tenant registered on Remedy SSO server.

From the SaaS tenant, SaaS administrators can create other SaaS administrator users.

From a customer tenant, SaaS administrators can create tenant administrator users.

Tenant administrator

Tenant administrator users have full rights to manage local users for realms in their tenant.

Tenant administrators cannot do anything else in the Remedy Single Sign-On Admin Console.

Permissions in Remedy Single Sign-On Admin Console

Depending on your role, you have the following permissions for accessing features in the Remedy Single Sign-On Admin Console:

Feature in the Remedy SSO Admin Console

SaaS administratorTenant administratorReference

Remedy SSO server configuration

SupportedNot supportedConfiguring Remedy SSO server

Remedy SSO server configuration import and export

SupportedNot supportedImporting and exporting Remedy SSO server configuration
Realms managementSupportedNot supportedAdding and configuring realms
User sessions managementSupportedNot supportedInvalidating and configuring end user sessions
Local users managementSupportedSupportedConfiguring Local authentication
OAuth 2.0 clients managementSupportedNot supportedConfiguring OAuth 2.0
LaunchPad applications managementSupportedNot supportedAdding applications to the Digital Service Management page
Administrator users managementSupportedNot supportedSetting up Remedy SSO administrator accounts
Tenant managementSupportedNot supportedActivating tenants

The login and logout activities of all users in Remedy SSO are displayed in the Remedy SSO log files.

How users can be created on the Remedy SSO server

Administrators who have access and perform tasks in Remedy SSO Admin Console can be created by one of the following methods:

The default administrator user

When a system administrator installs Remedy SSO server, the SaaS administrator is by default created on the Remedy SSO server. For information about how to log in to Remedy SSO Admin Console by using the credentials of the default internal administrator, see Verifying the installation.

After the SaaS administrator logs in to the Remedy SSO for the first time as the default administrator, the SaaS administrator can change the default password. For details about how to do this, see Setting up Remedy SSO administrator accounts.

Internal administrator users on the Remedy SSO server

SaaS administrators can create the following users in the Remedy SSO Admin Console from the Admin User tab.

  • In the SaaS tenant, create SaaS administarors 
  • In a customer tenant, create tenant administrators. 

For information about how to create users, see Setting up Remedy SSO administrator accounts.

External LDAP users with granted administrator privileges for Remedy SSO

To distribute responsibility between Remedy SSO administrators, a SaaS administrator can grant administrator privileges to users from an external LDAP directory. External users can log in to Remedy SSO Admin Console, and perform administrative tasks available to them.  

To grant the SaaS administrator privileges to external users, in the SaaS tenant, a SaaS administrator needs to configure the LDAP authentication on the Server Configuration page in the  Remedy SSO Admin Console.

To grant the tenant administrator privileges to external users, in a customer tenant, a SaaS administrator needs to configure LDAP authentication on the Server Configuration page in the Remedy SSO Admin Console.

For instructions on how to configure LDAP for external users, see Configuring general settings for Remedy SSO server.

Note

 External users with administrator privileges in Remedy SSO follow the password policies enforced by LDAP. 

Was this page helpful? Yes No Submitting... Thank you

Comments