BMC Helix SSO multitenancy

BMC Helix Single Sign-On supports multitenancy where a single application instance serves multiple tenants and guarantees data isolation between tenants. In a multitenant mode, each tenant has its own configuration with its own list of realms, BMC Helix SSO server settings, OAuth client, sessions, administrator users, and so on.  

As a SaaS administrator, you might need to configure multiple tenants for BMC Helix SSO to isolate data within a single instance of BMC Helix SSO.

The following diagram illustrates the concept of multitenancy in BMC Helix SSO:

Tenants in this diagram represent configuration instances fully isolated from each other but physically saved on the same BMC Helix SSO server.

The SaaS tenant is a predefined tenant available on the BMC Helix SSO server. You cannot delete or modify the SaaS tenant. We do not recommend using the SaaS tenant for data segregation. 

Tenant 1 and Tenant 2 are tenants of the same BMC Helix SSO server created by a SaaS administrator user. Tenant 1 administrator user can log in to the Admin Console of Tenant 1 and make changes to its configuration, and Tenant 2 administrator user can log in to the Admin Console of Tenant 2 and make changes to its configuration.

The SaaS administrator users can access the configuration of any tenant on the BMC Helix SSO server by switching to the Admin Console of a selected tenant.