FAQ

Here are some answers to the most frequently asked questions about the BMC Helix Single Sign-On product.

Related topics

Troubleshooting

Frequently asked questions about BMC Helix Single Sign-On


An end user has modified the password, however the end user is still able to access BMC Helix SSO applications. Has the password been updated?

Identity providers do not automatically notify BMC Helix SSO about the password change. Hence, an end user's BMC Helix SSO session remains active until it expires, and is not revoked after password change on IdP. To force the logoff, and receive the request for entering a new password, an end user needs to ask a BMC Helix SSO administrator to delete all active sessions/OAuth of this end user.

How can I change my Helix SSO administrator password?

You can change your password in the BMC Helix SSO Admin Console, in the Admin User Management. To change your password, select your user account name, and then edit your password as required. See Setting-up-BMC-Helix-SSO-administrator-accounts for more details about how to change the password of an administrator.

I'd like to obtain BMC Helix SSO server version. How can I get that?

You can obtain the BMC Helix SSO server version information through the <RSSO Server>/config/server-status URL. You must be authenticated as a BMC Helix SSO administrator before that.

Is there a way to automatically retrieve OAuth metadata from the Helix SSO server?

Yes, you can do this.

If the OpenID Issuer URL is configured for the OAuth 2.0, developers of third-party applications can retrieve the OAuth metadata from the BMC Helix SSO server by using the following autodiscovery URL: RSSO_host:RSSO_port/rsso/.well-known/openid-configuration.

Running this request in the browser window returns details about the OpenID Connect provider's configuration, including the URIs of the authorization, token, revocation, userinfo, and public-keys endpoints.

Does BMC Helix SSO support multi-factor authentication?

Multi-factor authentication is not implemented on the BMC Helix SSO side. BMC Helix SSO only supports scenarios where the Identity Provider that is configured in BMC Helix SSO for authentication has configured multi-factor authentication.

For example, if your application is integrated with the BMC Helix SSO server that is configured to use the SAML protocol to authenticate users accessing an application, then for the end users to pass the authentication flow, multi-factor authentication must be enabled and configured on the SAML Identity Provider.

Does BMC Helix SSO provide options for auditing end-user actions?

Yes.

You can enable audit records for end-user events in the BMC Helix SSO Admin Console > General > Advanced > select the End-user events check box.

Frequently asked questions about the idle timeout


What if a page is minimized or hidden?

If the idle timeout value is reached, logout happens anyways.

What if the UI idle timeout Helix SSO script does not work for one of the integrated BMC applications?

If the UI idle timeout BMC Helix SSO script does not work for at least one of the applications, the idle timeout does not work for all of the applications. 

What if applications have a different UI idle timeout period?

A warning message is shown for an application with the least UI idle timeout value first.

What if a user has got an infinite session?

Idle timeout is not applied.

What if the single logout option is not enabled in a realm?

A user is not logged out from all the applications, but only from the applications that reached the idle timeout value.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*