This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Adding or deleting realms


A realm is a virtual Identity Provider (IdP) used to authenticate a tenant. Each realm is mapped to a web agent in the corresponding BMC application. BMC Atrium Single Sign-On allows you to configure a new realm for each server or group in your environment. For example, you can create a realm for the Development server and another for the Test server.

To provide individual properties for authentication, you must add a realm for each server or group in BMC Atrium Single Sign-On. You can add multiple realms by using the Realms panel.

In case of multiple realms, the Realms panel replaces the default BmcRealm panel in the BMC Atrium SSO Admin Console. The Realms panel displays the realm name along with its user profile and status. Each realm has the same capability as BmcRealm and helps you manage realm authentication, federation, user stores (BMC Remedy AR System and LDAPv3), users, and user groups.


Adding Realms

In BMC Remedy AR System, when a tenant that uses BMC Atrium Single Sign-On for authentication is added, you must add a corresponding realm to BMC Atrium Single Sign-On so that single sign-on is seamlessly available for the new tenant. To add realms to a BMC Atrium Single Sign-On server, use the Realms panel on the BMC Atrium SSO Admin Console. The Realms panel is available only after you enable support for multiple realms.

The following image shows the BMC Atrium SSO Admin Console when the Realms panel is available.

MultiRealmConsole.png

Note

BmcRealm is the default realm and cannot be deleted.

To add a new realm

  1. On the Realms panel, click Add. The Create Realm Editor is displayed.
    CreateRealmEditor_Multitenant.gif
  2. In the Realm Name field, provide a name for the new realm.
  3. In the Tenant Domain field, provide the domain name used by the customer; for example, dev.bmc.com or qa.bmc.com.

    Note

    Use semicolon separators when adding more than one host name; for example, admin.dev.bmc.com; users.dev.bmc.com.

  4. In the User Profile field, select one of the following user profiles:
    • Dynamic — A local Single Sign-On user profile is created after a successful authentication, if it does not already exist.
    • Ignored — No local Single Sign-On user profile is created or required for authentication.
    • Required — A local Single Sign-On user profile with the same user ID is required for authentication to be successful.
  5. Click Save.

Note

With the latest release, users accessing the application URL (for example, https://company.onbmc.com/arsys) must provide a valid domain name the first time they access the application. The logon page prompts the user to enter a domain name, based on which the user is redirected to log on to the relevant realm. For more information, see Authenticating to the correct realm automatically.
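Because users are redirected to a realm based on the domain name they enter, a planned set of realms can be checked before the values are typed into the Create Realm Editor. The following Python check is an added example, not part of the BMC documentation or product. The worksheet format, the realm names, and the decision to treat a host name listed under two realms as an error are assumptions.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
USER_PROFILES = {"Dynamic", "Ignored", "Required"}  # the three options in step 4

def parse_tenant_domains(field):
    """Split a Tenant Domain value on semicolons and return normalized host names."""
    hosts = []
    for raw in field.split(";"):
        host = raw.strip().lower().rstrip(".")
        if not host:
            continue  # tolerate a trailing or doubled separator
        if len(host) > 253 or not all(_LABEL.match(lab) for lab in host.split(".")):
            raise ValueError(f"invalid host name: {raw.strip()!r}")
        hosts.append(host)
    if not hosts:
        raise ValueError("Tenant Domain is empty")
    return hosts

def check_realm_plan(plan):
    """Return problems found in a planned realm list (hypothetical worksheet format)."""
    problems, owner = [], {}
    for realm in plan:
        name = realm["name"]
        if realm["user_profile"] not in USER_PROFILES:
            problems.append(f"{name}: unknown user profile {realm['user_profile']!r}")
        try:
            hosts = parse_tenant_domains(realm["tenant_domain"])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        for host in hosts:
            # Assumption: a host claimed by two realms makes realm selection ambiguous.
            if host in owner and owner[host] != name:
                problems.append(f"{name}: {host} already assigned to {owner[host]}")
            owner.setdefault(host, name)
    return problems

# Constructed sample plan: realm names are made up, domains are the page's examples.
SAMPLE_PLAN = [
    {"name": "DevRealm", "tenant_domain": "admin.dev.bmc.com; users.dev.bmc.com", "user_profile": "Dynamic"},
    {"name": "QaRealm", "tenant_domain": "qa.bmc.com;users.dev.bmc.com", "user_profile": "Required"},
    {"name": "BadRealm", "tenant_domain": "dev_bmc.com", "user_profile": "Optional"},
]

if __name__ == "__main__":
    print("\n".join(check_realm_plan(SAMPLE_PLAN)))
```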

Deleting realms

To delete a realm, select the realm on the Realms panel and click Delete.

Where to go from here

To customize realms, see Editing custom realms.

Related topics

Mapping realm URLs to an agent automatically

 

 
