Configuring settings for BMC Helix SSO administrators
As a tenant administrator, you can configure settings such as for BMC Helix SSO administrators.
To configure the maximum session time for administrators
- In the BMC Helix SSO Admin Console, select General > Basic.
In the Max Admin Session Time field, set the time after which the admin session expires.
When this value is selected, time constraints are automatically enforced. By default, one hour is set.
Important
The minimum value is 1 minute, and the maximum value is 1 year.
Click Save.
To enable the lockout functionality for BMC Helix SSO administrators
By default, the account lockout functionality is disabled for the BMC Helix SSO Admin Console. You can set the number of login attempts for BMC Helix SSO administrator accounts before the accounts get locked out.
- In the BMC Helix SSO Admin Console, select General > Basic.
- In the Admin Lockout Threshold field, enter the number of login attempts for administrators.
By default, the value is set to 0.
To enable audit records on the BMC Helix SSO server
By default, audit is disabled for both administrator and end-user actions. You can enable audit records on the BMC Helix SSO server. The following screenshot shows the Audit section in the BMC Helix SSO Admin Console:
- In the BMC Helix SSO Admin Console, select General > Advanced.
- In the Audit section, select the appropriate option:
- To enable audit records for administrator actions, select the Admin events check box.
- To enable audit records for end-user actions, select the End-user events check box. - Click Save.
When you enable audit logging, the Audit tab in the BMC Helix SSO Admin Console displays all actions performed by the administrator, end user, or both. By default, the Audit tab shows all logged administrator, end-user actions, or actions of both for the last day. You can get audit actions for a certain date and one session. For more information, see Reviewing audit records.
To update the retention policy
By default, all logged audit actions are stored in the database for the last 120 days. You can change the number of days in the Retention policy field only if you have the administrator rights and enable administrator events audit or end-user events audit. The Retention policy option is enabled by default.
Important
The Retention policy option is available only for the SaaS tenant. To enable the Retention policy option, you must select the Admin events or End-user events check box, or both.
To change the number of days for logging audit records in the database, perform one or more of the following actions:
Task | Steps to perform |
---|---|
To configure the retention policy for audit logs |
|
To disable the retention policy |
|
To delete old audit logs |
|
Comments
Log in or register to comment.