This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Enabling tenant administrators to configure BMC Atrium Single Sign-On


You can allow configuration of single sign-on for each tenant in a multi-tenant environment by using the BMC Atrium SSO Tenant Console. This solution provides a way to allow tenant administrators (BMC Remedy administrators in a multi-tenant environment) to configure authentication and branding per their requirements. The BMC Atrium SSO Tenant Console enables tenant administrators to set the BMC Atrium Single Sign-On server as a service provider (SP) and the external identity provider as the Identity Provider (IdP).

To enable configuration of BMC Atrium Single Sign-On in a multi-tenant environment, you must use SAMLv2 for authentication. For more information, see Using SAMLv2 for authentication.

Note

To enable authentication of BMC Remedy users when the mid tier is configured in a multi-tenant environment, you must use the BMC Atrium Single Sign-On server as your SP, together with any external IdP.

To enable the BMC Atrium SSO Tenant Console

  1. From the Realm Editor, in the BMCSaaSAdmin group, add all users to whom you want to give tenant administrator privileges.
    You must add users to the group in the corresponding realm for each tenant. For more information, see Managing user groups.
  2. Stop the BMC Atrium Single Sign-On server.
  3. Set the value of the allow.tenant.domain and allow.multiple.realm parameters to true in the web.xml file at one of the following locations:
    • (Microsoft Windows) <installationDirectory>\tomcat\webapps\atriumsso\WEB-INF\
    • (UNIX)  <installationDirectory>/tomcat/webapps/atriumsso/WEB-INF/
  4. Save and exit the file.
  5. Restart the BMC Atrium Single Sign-On server.

Note

Because BMC Atrium Single Sign-On is deployed in a High Availability (HA) cluster environment, you must enable the BMC Atrium SSO Tenant Console on all nodes in the cluster.
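
The following check is an added example, not BMC code: it reads the web.xml text of each cluster node and reports the nodes where allow.tenant.domain or allow.multiple.realm is missing or not set to true. It assumes the parameters are stored as param-name/param-value pairs inside context-param or init-param blocks; the node names and sample files are constructed.

```python
import xml.etree.ElementTree as ET

# The two parameters named in step 3 of the procedure.
REQUIRED = ("allow.tenant.domain", "allow.multiple.realm")

def _local(tag):
    """Drop any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def read_params(web_xml_text):
    """Collect name/value pairs; assumes <context-param> or <init-param> blocks."""
    params = {}
    for elem in ET.fromstring(web_xml_text).iter():
        if _local(elem.tag) not in ("context-param", "init-param"):
            continue
        name, value = None, ""
        for child in elem:
            if _local(child.tag) == "param-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "param-value":
                value = (child.text or "").strip()
        if name:
            params[name] = value
    return params

def tenant_console_problems(web_xml_text):
    """Return a list of findings; an empty list means both parameters are true."""
    params = read_params(web_xml_text)
    problems = []
    for key in REQUIRED:
        if key not in params:
            problems.append(f"{key}: missing")
        elif params[key] != "true":
            problems.append(f"{key}: {params[key]!r}, expected 'true'")
    return problems

def audit_cluster(nodes):
    """nodes maps a node name to its web.xml text; return only nodes with findings."""
    report = {node: tenant_console_problems(text) for node, text in nodes.items()}
    return {node: found for node, found in report.items() if found}

# Constructed sample files (not taken from a real installation).
NODE_OK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <context-param><param-name>allow.tenant.domain</param-name><param-value>true</param-value></context-param>
  <context-param><param-name>allow.multiple.realm</param-name><param-value>true</param-value></context-param>
</web-app>"""
NODE_DRIFT = NODE_OK.replace("realm</param-name><param-value>true", "realm</param-name><param-value>false")
if __name__ == "__main__":
    print(audit_cluster({"node1": NODE_OK, "node2": NODE_DRIFT}))
```

An empty result means every node supplied has both parameters set to true.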

After enabling the BMC Atrium SSO Tenant Console

  • BMC Remedy administrators must add a local service provider called sp to the Realm Editor. For more information, see Creating a local SP for SAML configuration.
  • Tenant administrators can access the console by using the following URL:
    https://<fqdn>:<port>/atriumsso/UI/Login?realm=<realm>
    For information about configuring SAMLv2 for authentication by using the Tenant Console, see Managing the BMC Atrium SSO Tenant Console.
  • BMC Remedy administrators can access the console by using the following URL:
    https://<fqdn>:<port>/atriumsso/atsso/console/samladmin/samladmin.html?realm=<realm>

This console helps BMC Remedy administrators to verify the information that tenant administrators have provided in the console. For more information, see Verifying the tenant configuration.

Warning
  • If the BMC Atrium Single Sign-On administrator has not created a local SP, tenant administrators who log on to the BMC Atrium SSO Tenant Console receive an error message about insufficient privileges.
  • If the BMC Atrium Single Sign-On administrator has not added a signing certificate to the local SP, users receive an error message about an incomplete configuration.
