Out of support


This documentation supports the 8.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Using SAMLv2 for authentication

In SAMLv2, a collection of entities are grouped together to form a Circle of Trust. The Circle of Trust is composed of a Service Provider (SP) and an Identity Provider (IdP). The Identity Provider authenticates the users and provides this information to the Service Provider. The Service Provider hosts services that the user accesses.


BMC Atrium Single Sign-On can be configured to perform as an SP or as an IdP.

In a typical SAMLv2 deployment scenario, the BMC Atrium Single Sign-On server is configured as an SP for BMC products. The BMC Atrium Single Sign-On SP is then added to a Circle of Trust which includes an IdP. The IdP provides the authentication services for the BMC Atrium Single Sign-On system.

In addition, the IdP caches authentication information within the browser. This information allows the IdP to automatically re-authenticate a user without the user re-entering their credentials. For more information about automatic logon behavior, see Logon and logoff issues.


BMC Atrium Single Sign-On SAMLv2 implementation is limited to:

  • SAML 2.0 browser-based transient Federation and Federated SSO
  • Browser-based HTTP GET and POST binding mechanisms of the SAML 2.0 protocol

The following illustration shows BMC Atrium Single Sign-On configured as an SP. BMC products are integrated with BMC Atrium Single Sign-On which, in turn, hosts the SP for the Circle of Trust. For the IdP, any SAMLv2 IdP can be used. In addition, a second BMC Atrium Single Sign-On server can be configured to host an IdP.

BMC Atrium Single Sign-On server configured as an SP

Related topics

Was this page helpful? Yes No Submitting... Thank you