Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Configuring after installation


When initially installed, BMC Atrium Single Sign-On is configured for immediate use. This default configuration uses the internal data store as an authentication source and User Store. This configuration is suitable for demonstrations, proof-of-concept deployments, testing, and other small deployment scenarios. However, for a large-scale system, you should configure an external authentication source, such as an LDAP server. If an external source of group and user attributes is needed, then an external User Store should also be configured.

To set up a method for authentication

To set up the LDAP / Active Directory, Kerberos, Certificate / CAC, RSA SecurId, AR, and Internal LDAP authentication methods, you use the Realm Authentication panel on the BMC Realm.

Note

The amadmin user is the default administrator user for BMC Atrium Single Sign-On. You can use the amadmin user only for accessing the BMC Atrium SSO Admin Console. You cannot log on to your authenticating BMC applications using the amadmin user.


The following image displays the available authentication methods:

AuthTypes.png

SAMLv2 authentication


Predefined authentication module

To help with the configuration of BMC Atrium Single Sign-On, a predefined Internal LDAP authentication module is provided. This predefined authentication module allows you to quickly configure your system. The Internal LDAP authentication module uses the internal LDAP server as an authentication source in the authentication chain and does not have parameters to configure.

When you select the Internal LDAP authentication module, it is added directly to the authentication chain without invoking an editor. The module cannot be edited (because it has no parameters), but it can be moved in priority and its authentication flag can be changed.

InternalLDAP.jpg

The internal LDAP server is shown in the User Stores panel with the name embedded and the type Internal LDAP.
embedLDAP.png

User Profile panel


Authentication chaining

In addition, new chains can be created if a complex authentication chain is needed. For more information about authentication chains, see Managing-authentication-modules.

The order of authentication is changed by selecting an authentication method and clicking Up or Down.

Authentication chaining flags

Each module allows you to specify the criteria for authentication processing. If you are implementing only one authentication module instance, the flag must be set to Required. The criteria categories are Required, Requisite, Sufficient, and Optional. For most authentication chaining situations, all modules should use the Sufficient flag. For more information, see the definitions of the chaining flags in Managing-authentication-modules.
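
The following added example is not part of the BMC documentation or product code. It models how a chain is evaluated, assuming the four flags follow the standard JAAS control-flag semantics; the product's own definitions are in Managing-authentication-modules. Module names come from the method list above, and the accept/reject outcomes are constructed.

```python
# Added illustration, not BMC code. Assumes the flags follow standard JAAS
# control-flag semantics. Module outcomes in demo() are constructed samples.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "Required", "Requisite", "Sufficient", "Optional")


def evaluate_chain(chain, outcomes):
    """Return (authenticated, consulted_modules).

    chain    -- ordered list of (module_name, flag), highest priority first
    outcomes -- dict: module_name -> True if the module accepts the login
    """
    consulted = []
    mandatory_seen = False    # a Required/Requisite module was consulted
    mandatory_failed = False  # ... and at least one of them rejected
    any_success = False
    for name, flag in chain:
        ok = outcomes[name]
        consulted.append(name)
        any_success = any_success or ok
        if flag in (REQUIRED, REQUISITE):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == REQUISITE:
                    break  # Requisite failure ends processing immediately
        elif flag == SUFFICIENT and ok and not mandatory_failed:
            break  # Sufficient success ends processing; later modules skipped
    if mandatory_failed:
        return False, consulted
    # With no Required/Requisite module in play, one success is enough.
    return (mandatory_seen or any_success), consulted


def demo():
    """Constructed scenarios: first module rejects, second accepts."""
    outcomes = {"LDAP / Active Directory": False, "Internal LDAP": True}
    results = {}
    for first, second in [(SUFFICIENT, SUFFICIENT), (REQUIRED, SUFFICIENT),
                          (REQUISITE, REQUIRED), (OPTIONAL, OPTIONAL)]:
        chain = [("LDAP / Active Directory", first), ("Internal LDAP", second)]
        results[(first, second)] = evaluate_chain(chain, outcomes)
    return results


if __name__ == "__main__":
    for flags, (ok, consulted) in demo().items():
        print(flags, "->", "authenticated" if ok else "rejected", consulted)
```

Under these semantics, an all-Sufficient chain authenticates the user as soon as any one module accepts the credentials, so every source in the chain needs to be trusted equally. A Required or Requisite module that rejects the login cannot be overridden by a later Sufficient module.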

Where to go from here

The following topics provide information and instructions associated with configuration methods used with BMC Atrium Single Sign-On:

 
