Configuring settings for BMC Helix SSO administrators

As a tenant administrator, you can configure settings such as for BMC Helix SSO administrators.

Related topics

Setting up BMC Helix SSO administrator accounts

To configure the maximum session time for administrators

In the BMC Helix SSO Admin Console, select General > Basic.
In the Max Admin Session Time field, set the time after which the admin session expires.
When this value is selected, time constraints are automatically enforced. By default, one hour is set.
Important

The minimum value is 1 minute, and the maximum value is 1 year.
Click Save.

To enable the lockout functionality for BMC Helix SSO administrators

By default, the account lockout functionality is disabled for the BMC Helix SSO Admin Console. You can set the number of login attempts for BMC Helix SSO administrator accounts before the accounts get locked out.

In the BMC Helix SSO Admin Console, select General > Basic.
In the Admin Lockout Threshold field, enter the number of login attempts for administrators.
By default, the value is set to 0.

To enable audit records on the BMC Helix SSO server

By default, audit is disabled for both administrator and end-user actions. You can enable audit records on the BMC Helix SSO server. The following screenshot shows the Audit section in the BMC Helix SSO Admin Console:

In the BMC Helix SSO Admin Console, select General > Advanced.
In the Audit section, select the appropriate option:
- To enable audit records for administrator actions, select the Admin events check box.
- To enable audit records for end-user actions, select the End-user events check box.
Click Save.

When you enable audit logging, the Audit tab in the BMC Helix SSO Admin Console displays all actions performed by the administrator, end user, or both. By default, the Audit tab shows all logged administrator, end-user actions, or actions of both for the last day. You can get audit actions for a certain date and one session. For more information, see Reviewing audit records.

To update the retention policy

By default, all logged audit actions are stored in the database for the last 120 days. You can change the number of days in the Retention policy field only if you have the administrator rights and enable administrator events audit or end-user events audit. The Retention policy option is enabled by default.

Important

The Retention policy option is available only for the SaaS tenant. To enable the Retention policy option, you must select the Admin events or End-user events check box, or both.

To change the number of days for logging audit records in the database, perform one or more of the following actions:

Task	Steps to perform
To configure the retention policy for audit logs	In the Retention policy field, set a value to specify the number of days the audit logs are saved on the BMC Helix SSO server. Click Save.
To disable the retention policy	In the Retention policy field, set 0 to save logs forever. Click Save.
To delete old audit logs	In the Retention policy field, set a relatively small value, for example, one day. Click Save. All audit records older than the specified number of days are automatically deleted in 24 hours after the BMC Helix SSO server start.

Where to go from here

Configuring authentication for BMC Helix SSO administrators