Important This documentation space contains information about the SaaS version of Automation Console. If you are using the on-premises version of Automation Console, see TrueSight Automation Console 24.3

Configuring BMC Helix Single Sign-on for BMC Helix Automation Console

According to your endpoint manager, you must configure TrueSight Network Automation  or TrueSight Server Automation to use BMC Helix SSO, to allow you to log on to BMC Helix Automation Console using the BMC Helix SSO credentials.

Currently, BMC Helix Automation Console supports Local, Lightweight Active Directory Protocol (LDAP), and SAML types of BMC Helix SSO authentication only. For local and LDAP authentication, the session is discontinued when the user logs out.

Before using BMC Helix SSO, ensure that the following prerequisite tasks are complete: 

Prerequisites

Reference topics

BMC Helix SSO is implemented for TrueSight Network Automation

Enabling BMC Helix SSO authentication in TrueSight Network Automation documentation.

BMC Helix SSO is implemented for TrueSight Server Automation

Implementing Remedy Single Sign-On authentication in TrueSight Server Automation documentation.

Users configured in BMC Helix SSO (for local, SAML, and LDAP authentication types) must also be created in TrueSight Server Automation

 

Configuring authentication in BMC Helix SSO documentation.

If using LDAP, synchronize users with the LDAP server in TrueSight Server Automation. For details, see Synchronizing users with LDAP servers.

To enable HSSO integration in TrueSight Server Automation

  1. Login to the Automation Console with the Helix endpoint and navigate to the connector's page.
  2. Enable the TrueSight Server Automation connector with BMC Helix Single Sign-On and make sure it is re-downloaded.

  3. Access the HSSO server URL provided with the tenant details.

    Important

    • Contact BMC support if the URL is not known.
    • Make sure to use the global HSSO URL not the tenant specific HSSO URL.
  4. Download the server certificate in .crt format with the full Base64-encoded ASCII, certificate chain, and rename it to rsso.crt.
  5. Create a Java Keystore (JKS) using the certificate.
    1. Transfer the downloaded rsso.crt certificate to the TrueSight Server Automation machine.
    2. Open a command prompt and change the directory where the rsso.crt is saved.
    3. Run the following command:
      keytool -importcert -file "rsso.crt" -keystore rsso.jks -alias "rsso"
    4. Provide the keystore password when prompted (For example: changeit).
  6. (For Linux app server usersAssign ownership of bladmin:bladmin to the .jks file by using the following command:
    chown bladmin:bladmin <.jksfile>
  7. Configure TrueSight Server Automation with HSSO details. On the TSSA machine open the nsh prompt run the following commands to set mandatory HSSO parameters:
    1. blasadmin
    2. Set RemedySsoAuth IsEnabled true
    3. Set RemedySsoAuth RemedySsoServerUrl https://<hsso_url>/rsso
    4. Set RemedySsoAuth TruststorePathname <path to rsso.jks from step 4>
    5. Set RemedySsoAuth TruststorePassword changeit
    6. Set RemedySsoAuth TruststoreType jks
    7. Show RemedySsoAuth all
      image-2024-7-2_17-18-59.png
      For more details, see Implementing Remedy Single Sign-On authentication.
  8. Restart the TrueSight Server Automation Application Server to apply the configuration changes.
     

  9. Log in to the TrueSight Server Automation console as RBACAdmin, create a new user, and enable the Remedy Single Sign-On authentication.
    You must make sure to create the user with the same name as created in BMC Helix portal. You must also assign appropriate roles to the user, for example, BLAdmins or ITManagers. For non-admin roles make sure the required role is already imported in BMC Helix Automation Console under Security groups. For more information, see Roles-and-permissions-for-the-BMC-Helix-Portal.

    Important

    BMC updates the HSSO server certificate every 11 months. After the server certificate is updated, you must repeat the steps from 3through 9.

  10. Verify the HSSO integration.
    1. Open an incognito window and access the BMC Helix Automation Console url.
    2. In the pop-up window select the TrueSight Server Automation endpoint.
       

Important

  • Make sure all the commands are executed with appropriate permissions and on the correct machines as specified. For example, TrueSight Server Automation machine.
  • Replace all placeholders such as, <HSSO URL><path to rsso.jks> with actual values obtained during the procedure.
  • Perform necessary validations and testing after each step to ensure proper integration of HSSO with TrueSight Server Automation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*