This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Managing users

BMC Atrium Single Sign-On provides basic user and group management features with the internal LDAP server. These features allow an administrator to manage users, groups, and memberships in the groups.

  • From the User tab, the administrator can create, delete, and manage user account information including group memberships.
  • From the Groups tab, the administrator can manage group memberships.

BMC Atrium Single Sign-On is configured to use an internal LDAP for user authentication (default). While not recommended for large-scale deployments, the internal database can be used for small deployments, demonstrations, and other Proof-Of-Concept (POC) work. For larger deployments, BMC recommends that you use an external authentication server, such as another LDAP server.

To access the User page

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.

New users can only be created when you are using the internal LDAP server for authentication. If an external source is used for authentication, new users must be created within that external system.

Note

If special characters, such as comma ( , ) , semi-colon ( ; ), or plus sign ( + ) are used in the user ID, the backslash () must precede the special character. For example, Baldwin\,bob.


When creating a new user, each field that is marked with an asterisk is a required field.

To add a new user

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.
  3. Click New.
  4. In the ID field, enter a unique identifier for the new user.
     This value is used as the user ID when the user logs in.
  5. Enter the user's last name and full name.
  6. Enter the password and confirm it.
  7. In the Status field, verify that the Active radio button is selected (default).
  8. Click Save.

The name attributes (First, Full, and Last) can be provided to BMC products to help identify user accounts by using terms that are more user-friendly. The actual use of these attributes, though, is dependent on the BMC product.

To search for users

If the number of users in the Available list is too large to find the user that you want to modify, use the search function. The asterisk (*) returns all user accounts. Enter part of the user ID to refine the user account list.

For example, the pattern, "b*", returns users starting with the letter "b" (case-insensitive) such as "bob" and "Baldwin".

To delete users

User accounts can only be deleted if BMC Atrium Single Sign-On is using the internal LDAP server for user authentication needs.

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.
  3. Select the check box next to each user account in the User list that should be deleted.
  4. Click Delete.
  5. Click Ok.

To modify user information

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.
  3. Select the user link that you want modify.
  4. Click Edit
  5. Modify the user's information.
  6. Click Save.

To enable or disable a user account

The user account can be enabled or disabled by changing the user status.

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.
  3. Select the user that you want modify.

  4. In the Status field, click Active to enable or Inactiveto disable a user account.

    Note

    When a user account is disabled, the user cannot authenticate without losing any of the user attributes, such as group memberships. A user loses group memberships when the user account is deleted.

To add a group membership to a user account

A user is added to a group from the Group tab, however, the Group tab can be accessed from the User Editor pop-up.

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.
  3. Select the user that you want modify.
  4. Select the Group tab.
  5. Select a group from the Available Groups list.
  6. Click Add.
     Alternatively, click Add All to add all of the available groups to the user account.

  7. Click Save.

    Important

    Be selective when adding users to a group, such the Predefined groups, so that elevated privileges are not accidentally assigned to a user. For example, BmcSearchAdmin has privileges to perform searches and BmcAgents has privileges to read configuration information.

To remove a group membership from a user account

A user is removed from a group from the Group tab, however, the Group tab can be accessed from the User Editor pop-up.

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the User tab.
  3. Select the user that you want modify.
  4. Select the Group tab.
  5. Select a group from the Member of list.
  6. Click Remove.
     Alternatively, click Remove All to remove all of the available groups from the user account.
  7. Click Save.

To view user sessions

  1. Log on to the BMC Atrium SSO Admin Console.
  2. See the Sessions panel.

Notes

  • The Sessions panel displays the sessions that are in the memory of the server. With HA cluster, a single session may be shown multiple times which shows that the session has been replicated on the additional nodes.
  • The number of sessions retrieved from the server are displayed in pages. You may not be able to view all the sessions that are in the memory at a single time due to the maximum limit set for the Sessions table. This limit does not restrict the number of sessions that are supported by the server but restricts the number sessions that you can view in the Sessions table. To view a specific session which is not available due to maximum limit, you can filter the sessions based on your requirements.

To terminate an active user session

  1. On the BMC Atrium SSO Admin Console.
  2. In the Sessions panel, select the check box associated with the user session that you want to terminate.
  3. Click Invalidate Session.

Recommendations

  • You must take care that you do not accidentally terminate the session that is used to access the console or sessions that are used by BMC agents. These agent sessions use the following naming convention: <BMCJEEAgent>@<host>:<port> or <uri>@<host>.<port> Terminating these sessions will, at best, close the console the administrator is using or, at worst, prevent users from accessing the BMC products that the agent is protecting.
  • The application user's session may terminate with an error, when the BMC Atrium SSO session is terminated. This problem may occur if the session used by BMC agents is terminated from the BMC Atrium SSO Admin Console, or if the BMC Atrium SSO session timeout value is less than the application's timeout value. You must either increase the BMC Atrium SSO session's timeout value or decrease the application user's session timeout value to avoid sudden timeout errors.