BMC Helix SSO architecture
This topic provides the basic model of the BMC Helix Single Sign-On architecture and describes the BMC Helix SSO components.
After integration with BMC Helix SSO, end users can securely authenticate with multiple BMC applications by using just one set of credentials. For example, Allen logs in to BMC Helix Digital Workplace, browses a catalog, and opens a knowledge article that contains a link to BMC Helix Business Workflows with more details about this article. Allen accesses BMC Helix Business Workflows without having to provide credentials again.
BMC Helix SSO architecture model
The following diagram shows the BMC Helix SSO architecture, and includes the following details:
- BMC Helix SSO components
- BMC applications that can be integrated with BMC Helix SSO
- Third-party components
BMC Helix SSO components
The following table provides information about the major components of BMC Helix SSO.
BMC Helix SSO web application
Authenticates users and receives validation requests from BMC Helix SSO agents. If authentication succeeds, the BMC Helix SSO web application generates authentication tokens and stores them in the BMC Helix SSO database. The BMC Helix SSO web application then processes the authentication response by allowing or denying the authentication request.
BMC Helix SSO database
BMC Helix SSO uses the database for storing the following details:
With one database, all BMC Helix SSO server nodes can share the configuration and authentication data and work as a high-availability cluster.
BMC Helix SSO Admin Console
Provides an interface for accessing the BMC Helix SSO web application. BMC Helix SSO administrators use the BMC Helix SSO Admin Console to set up authentication and configure the BMC Helix SSO server. The URL for accessing the BMC Helix SSO Admin Console is https://BMCHelixSSOServer:portNumber/rsso/admin
Identity provider (IdP)
Stores user and user group information.
Identity providers are external systems, such as Active Directory, Okta, and Oracle Access.
BMC Helix SSO components required for integration with BMC applications
To achieve successful integration with BMC applications, ensure that you have configured the following BMC Helix SSO components:
BMC Helix SSO agent
Protects resources by filtering out unauthenticated requests. When the BMC Helix SSO agent detects an unauthenticated request, it redirects the user to the BMC Helix SSO server web application. The agent determines the right realms for the users depending on their domains. It also determines the right server to communicate with in a multi-server environment.
Mid Tier BMC Helix SSO authenticator plug-in
Validates the token from the user request and extracts user information from the context. It then passes the information to the Action Request System (AR System) through the Mid Tier authentication infrastructure. The authentication request is then processed on the AR System side by the BMC Helix SSO AREA plug-in.
BMC Helix SSO AREA plug-in
Gets user information from the Mid Tier API call as an authentication token and then makes a REST API call to the BMC Helix SSO web application to verify the token's validity.
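The request flow described above (agent filter, token issued by the web application and stored in the shared database, token validated on a later request), as a simplified Python model added here for illustration; it is not BMC code or the BMC Helix SSO API. The class and function names, the `/login` path, the token lifetime and the realm check on validation are assumptions, and the users and domains are constructed sample data.

```python
import secrets
import time

# Constructed sample data: realm per request domain, users held by a stand-in IdP.
REALM_BY_DOMAIN = {"hr.example.com": "hr-realm", "it.example.com": "it-realm"}
IDP_USERS = {("hr-realm", "allen"): "correct horse"}


class SsoServerNode:
    """Simplified model of one SSO web application node (hypothetical API)."""

    def __init__(self, store, ttl_seconds=3600):
        # 'store' stands in for the shared database: token -> (user, realm, expiry)
        self.store, self.ttl = store, ttl_seconds

    def login(self, realm, user, password):
        expected = IDP_USERS.get((realm, user))
        if expected is None or not secrets.compare_digest(expected, password):
            return None  # authentication denied, no token issued
        token = secrets.token_urlsafe(32)  # opaque, unguessable token
        self.store[token] = (user, realm, time.time() + self.ttl)
        return token

    def validate(self, token, realm):
        entry = self.store.get(token or "")
        if entry is None or entry[1] != realm or entry[2] < time.time():
            return None  # unknown, wrong-realm or expired token (assumed checks)
        return entry[0]


def agent_filter(server, domain, token=None):
    """Agent in front of a protected resource: allow, redirect to login, or deny."""
    realm = REALM_BY_DOMAIN.get(domain)
    if realm is None:
        return ("deny", None)  # no realm configured for this domain
    user = server.validate(token, realm)
    if user is None:
        return ("redirect", f"/login?realm={realm}")  # hypothetical login path
    return ("allow", user)
```

Because both nodes in the model read the same store, a token issued by one node validates on another, which is the property the shared database gives a high-availability cluster.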