Password change mechanisms
BMC Helix Single Sign-On is designed to authenticate users via identity providers which store all user related data, such as usernames and passwords. Hence, users can change their password on an identity provider (IdP) side.
By design, identity providers do not automatically notify BMC Helix SSO about the password change. Therefore, an end user's BMC Helix SSO session remains active until it expires, and is not revoked after a password change on IdP. To force the logoff, and receive the request for entering a new password, an end user needs to ask a BMC Helix SSO administrator to delete all active sessions/OAuth of this end user.
Password change mechanisms for AR identity provider
BMC Helix SSO enables end users to change their Action Request System (AR System) passwords directly in the BMC Helix SSO login page. As a BMC Helix SSO administrator, you configure whether or not end users can change passwords. The Change password link is available on the BMC Helix SSO login page, if you enable the Allow users to change passwords option for AR System authentication in BMC Helix SSO Admin Console. For more information about this option, see BMC Remedy AR System authentication process.
Supported password change scenarios
The password change functionality is supported under the following conditions:
- AR authentication with a single AR System configured.
- An authentication chain with AR authentication and preauthentication. Any number of preauthentication instances can be added in any order (Example: AR + PREAUTH; PREAUTH + AR; AR + PREAUTH + PREAUTH).
Unsupported password change scenarios
The password change functionality is not supported under the following conditions:
- An authentication chain of more than one AR System as the authenticaton mechanism (AR + AR).
- An authentication chain of one AR System and any authentication type except preauthentication.
- Reauthentication and bypassing login pages.
- An option to reset your password on the login page.
End user password change scenarios
The password change functionality supports the following end-user scenarios:
|Process to change the password
An end user tries to access an integrated BMC application (for example, BMC Helix Digital Workplace) and is redirected to the BMC Helix SSO login page.
The user wants to change the current password and hence clicks the Change password link.
To voluntarily change the password:
An end user tries to access an application (for example, BMC Helix Digital Workplace) and is redirected to the BMC Helix SSO login page.
The user's password may have expired or the system forces the end user to change the password.
To change the password when the system forces you to change the password:
An end user gets an email notification from AR System stating that the user's password has expired or will expire in a few days.
The email contains an application URL with the following as the suffix: /_rsso/server/change-password. When the user accesses the URL, a page is displayed where the user changes the password.
To change the password: