This documentation supports the 22.4 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.

22.4 enhancements and patches

Review the BMC Helix Single Sign-On 22.4 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

BMC applies upgrades as described in the BMC Helix Upgrade policy Open link . BMC applies upgrades and patches during Maintenance windows Open link .

(On premises only) Downloading and installing the patch

See Deploying BMC Helix common services for BMC Helix IT Service Management Open link and Deploying BMC Helix IT Operations Management Open link .



Idle timeout updates

The following updates to the idle timeout functionality are available:

  • Configurable time settings for backend idle timeout, UI idle timeout, and warning messages.
  • Support of UI idle timeout for the BMC Helix SSO agent.

For more information, see Enabling idle timeout for integrated BMC applications


The following image shows the warning message displayed in an integrated BMC application when the UI idle timeout is reached:

UI idle timeout for integrated BMC applications

A SaaS administrator can enable the UI idle timeout to log out users from a BMC application integrated with BMC Helix SSO due to inactivity. This feature enhances security by decreasing the risk of unauthorized access to BMC applications. 

For more information, see Enabling idle timeout for integrated BMC applications

Customize webhooks payload for SAML 2.0

As a SaaS administrator, you can configure a custom webhook payload based on extracted attributes from the SAML IdP. You can select values specified in the XPath field and set them as custom attributes for a webhook playload. For more information, see Notifying an external service about user authentication by using a webhook.

Configure custom attributes for the userinfo endpoint

A SaaS administrator can configure a custom userinfo payload by mapping attributes extracted from SAML IdP request attributes and custom claims in a user info response. The extracted information about a user is then converted into a format that has been configured by the administrator. For more information, see Configuring OAuth 2.0.

The following image shows an example of the userinfo response containing the extracted attributes.

Verify TCP connection of an integrated application

Administrators can use the TCP connection option to verify whether an integrated application is accessible. This feature helps administrators troubleshoot failed connections between the BMC Helix SSO server and the integrated application. For more information, see Setting up tenants

What else changed in this release

In this release, note the following significant changes in the product behavior:

UpdateProduct behavior in versions earlier than 22.4Product behavior in version 22.4 and later

Interactive self-help in the UI.

Interactive self-help is present in the BMC Helix SSO user interface.

(Version 22.4.01 and later) Interactive self-help is removed from the BMC Helix SSO user interface.

Administrator session saved after a brute force attack.

During a brute force attack, an internal admin user is automatically logged out with an invalidated session. The locked-out admin user waits for another admin user to unlock their account. The admin user lockout can happen only if the Admin Lockout Threshold value is not 0.

During a brute force attack, an internal admin user remains logged in until a session is valid. While the session is active, the admin user can create another administrator and unlock themselves. The admin user lockout can happen only if the Admin Lockout Threshold value is not 0. For more information about admin lockout, see Setting up BMC Helix SSO administrator accounts.

BMC Helix SSO logout experience is provided by default for the new installations of BMC Helix SSO, newly created realms and tenants in the Client.

A user should activate the option of BMC Helix SSO experience for each of the necessary realms.

In a realm, a Single logout check box is now marked by default. This option allows users to log out from applications integrated with the BMC Helix SSO simultaneously. For more information, see Login and logout experience for end users.

Was this page helpful? Yes No Submitting... Thank you