BMC Helix SSO multitenancy

BMC Helix Single Sign-On supports multitenancy where a single application instance serves multiple tenants and guarantees data isolation between tenants. In a multitenant mode, each tenant has its own configuration with its own list of realms, BMC Helix SSO server settings, OAuth client, sessions, administrator users, and so on.  

As a SaaS administrator, you might need to configure multiple tenants for BMC Helix SSO to isolate data within a single instance of BMC Helix SSO.

The following diagram illustrates the concept of multitenancy in BMC Helix SSO:

Tenants in this diagram represent configuration instances fully isolated from each other but physically saved on the same BMC Helix SSO server.

The SaaS tenant is a predefined tenant available on the BMC Helix SSO server. You cannot delete or modify the SaaS tenant. We do not recommend using the SaaS tenant for data segregation. 


You can perform the following actions in the SaaS tenant:

Tenant 1 and Tenant 2 are tenants of the same BMC Helix SSO server created by a SaaS administrator user. Tenant 1 administrator user can log in to the Admin Console of Tenant 1 and make changes to its configuration, and Tenant 2 administrator user can log in to the Admin Console of Tenant 2 and make changes to its configuration.


Only local user management options are available in the Admin Console of a tenant.

The SaaS administrator users can access the configuration of any tenant on the BMC Helix SSO server by switching to the Admin Console of a selected tenant.

Was this page helpful? Yes No Submitting... Thank you