Adding or deleting realms for multi-tenancy support
BMC Atrium Single Sign-On allows you to configure a new realm for each tenant in BMC Remedy Action Request (AR) System. A realm is a virtual Identity Provider (IdP) used for authenticating a tenant. Each realm is mapped to a web agent in the BMC Remedy Mid Tier, and each tenant has one mid tier. To provide individual properties for authentication, you must add a realm for each tenant in BMC Atrium Single Sign-On. You can add multiple realms using the Realms panel.
For multi-tenancy support in BMC Remedy AR System, BMC Atrium Single Sign-On allows configuration of multiple realms. In this case, the Realms panel replaces the default BmcRealm panel in the BMC Atrium SSO Admin Console. The Realms panel displays the realm name along with its user profile and status. Each realm has the same capability as the BmcRealm in terms of managing realm authentication, federation, user stores (BMC Remedy AR System and LDAPv3), users, and user groups.
Before you begin
- Before you can add a new realm, you must set the allow.tenant.admin and allow.multiple.realms parameters to true in the web.xml file. For more information, see Managing realms.
- If you want to map the realm to a web agent automatically, select the Automatically Include New Realms check box. For information about enabling this feature, see .
In BMC Remedy AR System, when a tenant that uses BMC Atrium Single Sign-On for authentication is added, you must add a corresponding realm to BMC Atrium Single Sign-On so that single sign-on is seamlessly available for the new tenant. To add realms to a BMC Atrium Single Sign-On server, use the Realms panel on the BMC Atrium SSO Admin Console. The Realms panel is available only after you enable support for multiple realms.
The following image shows the BMC Atrium SSO Admin Console when the Realms panel is available.
BmcRealm is the default realm and cannot be deleted.
To add a new realm
- On the Realms panel, click Add. The Create Realm Editor is displayed.
- In the Realm Name field, provide a name for the new realm.
- In the Tenant Domain field, provide the domain name used by the customer; for example, abc.bmc.com.
  Use a semicolon separator when adding more than one host name; for example, admin.xyz.bmc.com; users.xyz.bmc.com.
- In the User Profile field, select one of the following user profiles:
  - Dynamic: A local Single Sign-On user profile is created after a successful authentication, if it does not already exist.
  - Ignored: No local Single Sign-On user profile is created or required for authentication.
  - Required: A local Single Sign-On user profile with the same user ID is required for authentication to be successful.
- Click Save.
With the latest release, users who access the application URL (for example, https://company.onbmc.com/arsys) must provide a valid domain name the first time they access the application. The logon page prompts the user to enter a domain name, and the user is then redirected to log on to the relevant realm based on that domain name. For more information, see Authenticating to the correct realm automatically.
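Because the domain name a user enters decides which realm authenticates them, it helps to check a planned set of Tenant Domain values before typing them into the Create Realm Editor. The following is an added example, not BMC code: it parses the semicolon-separated format shown above and reports malformed host names and host names claimed by more than one realm. The realm names, the RFC 1123 host-name rule, and the treatment of a shared host name as a conflict are assumptions; the product's own validation rules are not described on this page.

```python
import re
from collections import defaultdict

# RFC 1123 host-name label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_tenant_domains(field):
    """Split a Tenant Domain value on semicolons and normalize each host name."""
    hosts = []
    for part in field.split(";"):
        # DNS names are case-insensitive; a trailing dot is the same name.
        host = part.strip().lower().rstrip(".")
        if host:
            hosts.append(host)
    return hosts


def is_valid_host(host):
    """True if host is a well-formed, multi-label DNS host name."""
    labels = host.split(".")
    return len(host) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)


def audit_realm_plan(plan):
    """Return (invalid, conflicts) for a {realm name: Tenant Domain value} plan.

    invalid   -> list of (realm, host) pairs that are not well-formed host names
    conflicts -> {host: sorted realm names} for hosts claimed by more than one realm
    """
    invalid, owners = [], defaultdict(set)
    for realm, field in plan.items():
        for host in parse_tenant_domains(field):
            if is_valid_host(host):
                owners[host].add(realm)
            else:
                invalid.append((realm, host))
    conflicts = {h: sorted(r) for h, r in owners.items() if len(r) > 1}
    return invalid, conflicts


# Constructed sample plan; realm names and host names are illustrative only.
SAMPLE_PLAN = {
    "TenantABC": "abc.bmc.com",
    "TenantXYZ": "admin.xyz.bmc.com; users.xyz.bmc.com",
    "TenantNew": "ABC.bmc.com; new_tenant.bmc.com",
}

if __name__ == "__main__":
    print(audit_realm_plan(SAMPLE_PLAN))
```

In the sample plan, `ABC.bmc.com` collides with the host name already assigned to another realm once case is normalized, and `new_tenant.bmc.com` is rejected because of the underscore.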
To remove a realm, select the realm on the Realms panel and click Delete.