Enabling self-service for tenant administrators

As a SaaS administrator, you can enable self-service for tenant administrators to perform the following operations autonomously, in addition to the local user management operations, in BMC Helix SSO:

  • View audit records
  • Manage sessions (view or delete existing sessions)
  • Configure settings for allowed authentications

You can enable self-service for tenants and realms. When you enable self-service on a tenant level, tenant administrators can also limit the available authentication types for a realm. 

To enable self-service for a tenant

  1. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.

  2. On the navigation panel, click Tenant.
  3. From the tenant list, select the tenant for which you want to enable self-service.
  4. From the Action menu, click Edit Tenant .
  5. Select the Self Service check box.
    By default, the Self Service check box is disabled.
  6. From the Self service configuration list that is displayed, select the authentication types that should be available for a realm.

  7. In Bypass AR Hostname, enter the host name of the Action Request System server (AR System server) and in Port, enter the AR port for AR Bypass authentication mechanism.
  8. Click Save.

To configure self-service for a realm

After configuring the tenant, navigate to the appropriate realm to make it available to the tenant administrator for updating authentication settings.

  1. On the navigation panel, click Realm.
  2. From the realms list, select the realm for which you want to configure self-service.
  3. From the Action menu, click Edit Realm .
  4. Select the Self Service check box.
  5. Click Save.


By default, the Self Service option is not selected for existing and newly created realms.

In addition to the existing Local User tab, the following tabs are made available for the tenant administrator:

RealmMake changes for branding and update Authentication settings (with no access to information about bypass)
SessionGet information about existing sessions and manage them (delete).

For more information about managing sessions, see Invalidating and configuring end user sessions.

OAuth2Manage OAuth2 related settings.
For more information about configuring OAuth2 settings, see Configuring OAuth 2.0.


Tenant administrator can configure all OAuth2 related settings, except OpenID Connect Issue URL.

  • Audit—Get data about administrator and end-user audited actions
Was this page helpful? Yes No Submitting... Thank you