Setting up OpenID authentication in Remedy SSO
You can configure the Remedy Single Sign-On (Remedy SSO) server to authenticate TrueSight Presentation Server users using an OpenID authentication mechanism.
The following topics help you to perform the OpenID configuration tasks in Remedy SSO and create an authorization profile in the:
- This authentication is supported only with TrueSight Presentation Server version 11.3.02 and later.
The TrueSight REST API calls are not supported for OAuth users.
Before you begin
- You must have installed and configured the Remedy SSO to work with the Presentation Server and its component products. For details, see and
- (Applicable only to Presentation Server versions configured with Atrium SSO) You must migrate the internal user data from Atrium SSO to Remedy SSO. For details, see
- You must have configured tenants to be used with the Presentation Server. For details, see
- You must have set the Remedy SSO general settings. For details, see
- Configure a realm for the authentication. For more information on realm configuration, see
- Ensure that you have procured the details of your OAuth provider. To know how to configure an OAuth provider, see the example Configuring an OAuth provider using Google OAuth.
Configuring OpenID in Remedy SSO
To configure the OpenID authentication
- (Optional) Click Enable Chaining Mode and perform the following steps to enable authentication chaining. For more information about the authentications that you can chain with OIDC, see
- Click Add Authentication.
- Select the required authentication type and enter the authentication details.
- Repeat steps a through b to add more authentications for the realm.
- Click Add Authentication.
- In the Authentication Type field, click LOCAL.
- Enter the LOCAL details. For more information on parameters, see LOCAL authentication parameters.
- Create users and user groups for the LOCAL authentication.
The users in LOCAL must be exactly the same as the OAuth users.
Associate users to the user groups.
Add the LOCAL authentication entry below the OIDC authentication entry, and do not promote or move the LOCAL entry above the OIDC entry.
Configuring an OAuth provider using Google OAuth
Do the following:
- Log in to your Google project, and go to Credentials > Create Credentials > OAuth Client ID.
Select the Web Application application type, and click Create.
- Save the Client ID and Secret information of the credentials in a notepad. You will need these details later.
Provide the name for your OAuth 2.0 client.
Authorised redirect URIs: https://<rsso_host_FQDN>:<rsso_port>/rsso/redirect
Select the OAuth consent screen tab to view the scope and branding information.
In this step, you can decide whether to grant your application the requested access. The consent window shows the name of your application, the Google API services that it is requesting permission to access with the authorization credentials, and a summary of the scopes of access to be granted. You can consent to grant access to one or more scopes requested by your application, or refuse the request.
Log in to the Remedy Single Sign-On server as the Admin user, and select the Realm tab.
Create a new realm or edit the existing one.
Under the Authentication tab, select OIDC, and click on Import to get the OIDC provider information.
Open the following URL:
The page will have the pre-populated URL information. For the remaining fields, set the values as explained below:
Scope: Provide the email
Client ID & secret information: Use the information saved from Step 3.
User ID field name: sub
Prompt: Retain the default value
User ID transformation: None
For a successful TrueSight Operations Management authorization login, you need the OIDC user group information.
If you have created a new realm and are not using the default (*) realm, create an authorization profile for the new realm with the appropriate user group and role mappings.
- Log in to the TrueSight console using the Google ID and validate.
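
The following Python check is an added example, not part of the original documentation. It tests a redirect URI against the `https://<rsso_host_FQDN>:<rsso_port>/rsso/redirect` form and reports whether the claim named in User ID field name matches a LOCAL user exactly. It assumes Remedy SSO takes the user ID from that claim unchanged (User ID transformation: None); the token, identities and function names are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_redirect_uri(uri: str) -> list:
    """Compare a URI with the page's https://<FQDN>:<port>/rsso/redirect form."""
    u = urlsplit(uri)
    problems = []
    if u.scheme != "https":
        problems.append("scheme is not https")
    if not u.hostname or "." not in u.hostname:
        problems.append("host is not a fully qualified domain name")
    if u.path != "/rsso/redirect":
        problems.append("path is not /rsso/redirect")
    return problems

def match_local_user(claims: dict, user_id_field: str, local_users: set) -> str:
    """Classify how the configured claim lines up with the LOCAL user names."""
    value = claims.get(user_id_field)
    if not isinstance(value, str):
        return "claim-missing"
    if value in local_users:
        return "exact-match"
    if value.strip().lower() in {u.strip().lower() for u in local_users}:
        return "differs-by-case-or-whitespace"
    return "no-local-user"

# Constructed sample token (unsigned placeholder signature, made-up identity).
SAMPLE_CLAIMS = {"iss": "https://idp.example", "sub": "1000000000000000001",
                 "email": "Alice@example.com"}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"none"}'),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()), "sig"])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(check_redirect_uri("http://rsso/rsso/redirect/"))
    print(match_local_user(claims, "sub", {"alice@example.com"}))
    print(match_local_user(claims, "sub", {"1000000000000000001"}))
    print(match_local_user(claims, "email", {"alice@example.com"}))
```

With User ID field name set to `sub`, a LOCAL user named after the e-mail address does not match; the LOCAL user name has to equal the value of the `sub` claim.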