Out of support This documentation supports the 8.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Integrating BMC ProactiveNet

BMC ProactiveNet 9.0.00 uses the BMC Atrium Single Sign-On authentication system to provide single sign-on and single sign-off. BMC Atrium Single Sign-On allows users to present credentials only once for authentication and subsequently be automatically authenticated by every BMC product that is integrated into the system.

Users, user groups and privileges defined in BMC Atrium Single Sign-On are used for BMC ProactiveNet group mapping. See Managing-users and Managing-user-groups.

This section includes the following topics:

Before you begin

BMC Atrium Single Sign-On must be installed and configured before installing BMC ProactiveNet.

Users, user groups and privileges defined in BMC Atrium Single Sign-On are used for BMC ProactiveNet group mapping.

Note

The BMC ProactiveNet Single Sign-On feature can be integrated either during installation, or post-installation.

To integrate BMC ProactiveNet during installation

Note

The BMC ProactiveNet Server installer prompts for information that must already be defined in BMC Atrium Single Sign-On.

  1. Select Single Sign-On (SSO) - Enable and configure

  2. Provide the following information:

    Field

    Description

    Atrium SSO Server Hostname Domain

    Enter the fully qualified name of the BMC Atrium Single Sign-On server.

    ProactiveNet Server Hostname Domain

    Enter the fully qualified host name of the server where BMC ProactiveNet Server is installed. By default, this field is populated with the host name of the server on which the installer is executed.

    Atrium SSO HTTPS Port

    Enter the BMC Atrium Single Sign-On secure port number. The default port number is 8443.

    Searcher ID

    Enter the BMC Atrium Single Sign-On Searcher ID used to search all user names and
    groups.

    Searcher Password

    Enter the password of the Searcher ID user.

    Atrium SSO AmAdmin Password

    Enter the BMC Atrium Single Sign-On server amAdmin password.

To integrate BMC ProactiveNet after installation

The BMC Atrium Single Sign-On feature can be configured post-installation in one of two ways:

  • Using the Post Installation Configuration interface in the BMC Proactivenet Operations Console. For more information, see the BMC ProactiveNet User Guide.
  • Using the pw sso commands. For more information, see the BMC ProactiveNet CLI Reference Guide.

Once BMC Atrium Single Sign-On is integrated, when you launch BMC ProactiveNet, the BMC Atrium SSO screen appears. Enter your user name and password and BMC ProactiveNet
 automatically launches.

  • If you launch BMC ProactiveNet and try to log in as a user who is not associated with a
     valid user group in BMC Atrium Single Sign-On, BMC ProactiveNet displays an error stating "Invalid username/password".
  • If you receive a message that the BMC ProactiveNet Server has restarted, you must close the browser, then re-open the browser and log back in.

To define users and groups

To enable single sign on, you must first create BMC ProactiveNet users and user groups in BMC Atrium Single Sign-On. The users must be assigned to groups, and groups must be assigned privileges. Users, user groups and privileges defined in BMC Atrium Single Sign-On are used for BMC ProactiveNet group mapping.

During installation of BMC ProactiveNet, the BMC ProactiveNet Server Installer prompts for information that must already be defined in BMC Atrium Single Sign-On. Therefore the minimum required definition in BMC Atrium Single Sign-On, before installing BMC ProactiveNet, is the following:

  1. Create and define a Searcher user.
  2. Define the SSO amAdmin user and assign full access privileges. (The SSO amAdmin user is automatically created during installation of BMC Atrium Single Sign-On.)
  3. Create an Administrative user group and assign full access privileges.

To create new users

New users can only be created when you are using the internal LDAP server for authentication. If an external source is used for authentication, new users must be created within that external system.

  1. Sign onto BMC Atrium Single Sign-On.

  2. Navigate to the User page: Access Control > BmcRealm > Subjects tab > User 

    Note

    When integrating a BMC ProactiveNet Server with an external system such as SSO or LDAP for authentication, ensure that the same user name does not exist in both the external system and the BMC ProactiveNet Server.

    Failed to execute the [confluence_note] macro.

    If the same user exists in both, user group associations defined in BMC ProactiveNet will be considered.
    {{/confluence_note}}
    )))

    1. Click New. Each of the fields marked with an asterisk is a required field.
    2. In the ID field, enter a unique identifier for the new user. This value is used as the
       user ID when the user logs in. If special characters, such as comma ( , ) , semi-colon ( ; ),
       or plus sign ( + ) are used in the user ID, the backslash () must precede the special
       character. For example, Baldwin\,bob.
    3. Enter the user's last name and full name.
    4. Enter an initial default password (which the user changes) and confirm this default
       password.
    5. In the User Status field, verify that the Active radio button is selected (default).
    6. Click OK.

    To assign users to user groups

    1. In BMC Atrium Single Sign-On, navigate to the Group tab: Access Control > BmcRealm > Subjects tab > Group
    2. Click on the group name.
    3. The Edit Group page displays showing the Universal ID details.
    4. Click the User tab.
    5. Select users from the list of Available users.
    6. Click Add.

    7. Alternatively, you can add all of the users by clicking Add All

      Failed to execute the [confluence_note] macro.

       An initial password must be provided when creating the account. Once created, the user can log into BMC Atrium Single Sign-On and update the password and their personal information through the following URL:

    8. Click Save to save the changes, Reset to reset to the default or (Back to Subjects* to return to the Group page.

      The membership change is immediately put into effect.

    To assign privileges to user groups

    1. In BMC Atrium Single Sign-On, navigate to Access Control > BmcRealm.
    2. Click the Privileges tab.
    3. Select the group name. The Group - Properties page displays.
    4. Select the appropriate option from the available privileges:
      • Read and write access only for policy properties
      • Write access to all log files
      • Read access to all log files
      • Read and write access to all configured Agents
      • Read and write access to all realm and policy properties
      • Read and write access to all log files
    5. Click Save.

      The privileges go into immediate effect.

    To clean up Web Agent entries when the BMC ProactiveNet Server is uninstalled

    The following steps are required to delete Web Agent entries on the BMC Atrium Single Sign-On Server when the BMC ProactiveNet Server is uninstalled.

    Failed to execute the [confluence_note] macro.

    Any changes made to a SSO user will not be reflected in an active BMC ProactiveNet session.

    The user must log out and log back in for the changes to be in effect.
     Deleting Web Agent entries in BMC Atrium Single Sign-On.

    1. In BMC Atrium Single Sign-On, navigate to Access Control > /Top Level Realm.
    2. Click the Agents tab.
    3. Click the J2EE tab.
      A list of the Agents that are registered on the Single Sign-On server displays.

    4. Identify the two Agents corresponding to your BMC ProactiveNet Server host.
       Search for the following patterns: 

      /@<BMC ProactiveNet Server Host>:<Port>
      /admin@<BMC ProactiveNetServer Host>:<Port>
    5. Mark the Agents to delete by selecting their corresponding checkboxes.
    6. Click Delete.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*