Managing users

BMC Atrium Single Sign-On provides basic user and group management features with the internal LDAP server. These features allow an administrator to manage users, groups, and memberships in the groups. From the User page, the administrator can create, delete, and manage group memberships.

BMC Atrium Single Sign-On is configured to use an internal LDAP for user authentication (default). While not recommended for large-scale deployments, the internal database can be used for small deployments, demonstrations, and other Proof-Of-Concept (POC) work. For larger deployments, BMC recommends that you use an external authentication server, such as another LDAP server.

• • To access the User page
  • To add a new user
  • To search for users
  • To delete users
  • To change a user's password
  • To enable a user account
  • To disable a user account
  • To add a group membership to a user account
  • To remove a group membership from a user account
  • To view user sessions
  • To terminate an active user session

To access the User page

Navigate to Access Control > BmcRealm link > Subjects > User

New users can only be created when you are using the internal LDAP server for authentication. If an external source is used for authentication, new users must be created within that external system.

When creating a new user, each field that is marked with an asterisk is a required field.

To add a new user

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Click New.
3. In the ID field, enter a unique identifier for the new user.
    This value is used as the user ID when the user logs in.
4. Enter the user's last name and full name.
5. Enter an initial default password (which the user changes) and confirm this default password.
    An initial password must be provided when creating the account. Once created, the user can log into BMC Atrium Single Sign-On and update the password and their personal information through the following URL:
   
   https://FQDNHostName:port/BMC Atrium SSO?realm=BmcRealm
6. In the User Status field, verify that the Active radio button is selected (default).
7. Click OK.

The name attributes (First, Full, and Last) can be provided to BMC products to help identify user accounts by using terms that are more user-friendly. The actual use of these attributes, though, is dependent on the BMC product.

To search for users

If the number of users in the Available list is too large to find the user that you want to modify, use the search function. The asterisk (*) returns all user accounts. Enter part of the user ID to refine the user account list.

For example, the pattern, "b*", returns users starting with the letter "b" (case-insensitive) such as "bob" and "Baldwin".

To delete users

User accounts can only be deleted if BMC Atrium Single Sign-On is using the internal LDAP server for user authentication needs.

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Select the check box next to each user account in the User list that should be deleted.
3. Click Delete.
4. Click Save.

To change a user's password

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Select the user link that you want modify.
3. In the Password field, click Edit.
    This action launches another page where the user's password can be changed.
4. Click OK.

To enable a user account

The user account can be enabled by changing User Status to Active.

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Select the user link that you want modify.
3. In the User Status field, click the Active radio button.

To disable a user account

The user account can be disabled by changing User Status to Inactive.

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Select the user link that you want modify.
3. In the User Status field, click the Inactive radio button. When a user account is disabled, the user cannot authenticate without losing any of the user attributes, such as group memberships. A user loses group memberships when the user account is deleted.

To add a group membership to a user account

A user is added to a group from the Group tab, however, the Group tab can be accessed from the Edit User page.

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Select the user link that you want modify.
3. Select the Group tab.
4. Select a group from the Available list.
5. Click Add.
    Alternatively, click Add All to add all of the available groups to the user account.

6. Click Save. 

   Important

   Be selective when adding users to a group, such the Predefined groups, so that elevated privileges are not accidentally assigned to a user. For example, BmcSearchAdmin has privileges to perform searches and BmcAgents has privileges to read configuration information.

To remove a group membership from a user account

1. Navigate to Access Control > BmcRealm link > Subjects > User
2. Select the user link that you want modify.
3. Select the Group tab.
4. Select a group from the Available list.
5. Click Remove.
    Alternatively, click Remove All to remove all of the available groups from the user account.
6. Click Save.

To view user sessions

1. Log on to the Administrator console.
2. Select the Sessions tab.

To terminate an active user session

1. Log on to the Administrator console.
2. Select the Sessions tab.
3. Select the check box associated with the user session that you want to terminate.
4. Click Invalidate Session.