Setting up BMC Helix SSO administrator accounts
As a SaaS administrator, you can create the following user accounts who will have access to the BMC Helix Single Sign-On Admin Console:
- SaaS administrators—Users who have full administrative rights in the SaaS tenant and all customer tenants on the BMC Helix SSO server.
- Tenant administrators—Users who have access to the BMC Helix SSO Admin Console of specific tenants and have restricted administrative rights for those tenants.
For more details about permissions of these users, see Roles and permissions.
To create a SaaS administrator account
As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
Click the Admin User tab.
The list of administrator users is displayed.Click Add Admin User.
On the Add Admin User page, enter the following details:
- Login—Name of the BMC Helix SSO administrator that must correspond to the requirements.
- Password—SaaS administrator's account password that must correspond to the requirements.
Confirm Password
5. Click Save.
The SaaS administrator account is now added, and it is available in List of Admin Users.
To create a tenant administrator account
As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
- On the navigation panel, click Tenant.
- From the list of tenants, select a tenant for which you would like to create a tenant administrator user account.
- Click the pin icon to switch to the BMC Helix SSO Admin Console of the selected tenant.
On the navigation panel, click the Admin User tab.
The list of administrator users is displayed.Click Add Admin User.
On the Add Admin User page, enter the following details:
- Login—Name of the BMC Helix SSO administrator that must correspond to the requirements.
- Password—Tenant administrator's account password that must correspond to the requirements.
Confirm Password
Click Save.
The tenant administrator account is now added, and it is available in List of Admin Users.
Login name requirements for an administrator account
The example of the valid login name - user123
- The login name is case insensitive.
- The login name length must be between 1 and 255 characters.
- The login name cannot contain any of these characters !"#$%&()*+,/:;<=>?[\]^`{|}~
- The login name cannot contain the designated list of Unicode special characters.
- The login name cannot contain the designated list of Unicode space characters and zero-width spaces.
Password requirements for an administrator account
The example of a valid password - Ab1%Cd2#
- The password length must be between 8 and 128 characters.
- You can use only ANSCII printable characters, and the password must contain characters from each of the following four categories:
- uppercase letters
- lowercase letters
- numeric characters
- special characters, except for a space character
User management tasks
Under the Action column on the Admin User tab, you can manage the administrator user accounts by performing the following tasks:
Task | Description |
---|---|
Lock or Unlock Admin User | If a user account has violated any policies, you can temporarily disable this user by locking the account. When you lock an administrator account, the current session of the administrator user does not get invalidated. You must manually invalidate the current session of this user. For information about how to invalidate a user session, see Invalidating and configuring end user sessions. If an administrator exceeds the number of login attempts by trying to log in using an incorrect password, the administrator account is locked automatically if you have configured the automatic lockout feature. You can unlock an administrator user at any time. Note: You cannot lock an administrator account under which you are currently logged in. To lock the account, you must log in to the BMC Helix SSO Admin Console as another administrator user. |
Edit Admin User | You can change the password of an administrator. The password complexity is the same as for creating a new administrator. Note: You cannot modify the login name after it is created. |
Delete Admin User | You can delete an administrator account. When you delete an administrator user account, the old sessions of the administrator user account do not get invalidated. You have to manually invalidate the old sessions of that administrator user. Note: You cannot remove an account under which you are currently logged in. To remove the currently logged in user account, log in to the BMC Helix SSO Admin Console as another administrator user, and delete the required account. |
To configure BMC Helix SSO to lock an administrator account automatically
You can configure BMC Helix SSO to automatically lock an administrator account in a case of a brute force attack. By default, this feature is enabled.
Log in to the BMC Helix SSO Admin Console.
Click the General tab.
Select Basic > Session Settings.
In the Admin Lockout Threshold field, select a value to set the maximum number of unsuccessful login attempts allowed by BMC Helix SSO within one minute.
If the number of login attempts exceeds the number of attempts that you have set, the administrator account will be locked automatically.
Important
- The default value is 0. The lockout feature is disabled when this value is set to 0.
- The lockout feature applies to internal administrators only.
Click Save.
Comments
Log in or register to comment.