Glossary

A user who has access to the 

BMC Helix SSO

 Admin Console.

A collection of user actions during a certain period of time. In BMC Helix SSO, you can enable audit for end-user and administrator actions.

A process of recognizing a user's identity. When users specify their credentials and successfully log in to the system, they are authenticated. Authentication defines who the user is.

A flow that is used to authenticate users. An authentication method affects the log-in and log-out experience. The examples of the authentication methods in 

BMC Helix SSO

 are Kerberos, LDAP, OpenID Connect, etc.

A process of giving someone permissions to access an area within a computer system. Authorization defines what users can access.

A fallback mechanism that enables you to invoke extra authentication methods if the primary authentication fails.

Serves as a centralized location for users to access the BMC applications integrated with 

BMC Helix SSO

. The previous name of the DSM page—Launchpad.

An identification string that defines a realm of administrative autonomy, authority, or control within the internet. For example, .com.

The term end user refers to everyone who logs in to the application integrated with BMC Helix SSO, including local users.

A domain name that specifies the exact location of the domain in the tree hierarchy of the Domain Name System (DNS). For example, www.docs.bmc.com.

A third-party system that provides users. The example of the IdP in 

BMC Helix SSO

 is Active Directory.

A network authentication protocol that works on the basis of tickets to allow nodes that communicate over a non-secure network to prove their identity to one another in a secure manner. 

The term local user (local user or local administrator) refers to a user who is created and stored locally on the 

BMC Helix SSO

 server, not on an external identity provider.

A security component of 

BMC Helix SSO

 that takes part in an authentication process. A realm defines whether a user is authenticated through the identity provider, and provides this data to the application. A realm is specific only for 

BMC Helix SSO

. Realms must be created and configured separately for each tenant.

A standalone BMC product that enables users to log in to multiple applications within an organization by using a single ID and password. 

A user who has full rights to create, activate, delete, or temporarily deactivate other SaaS administrators, tenant administrators, and tenants in BMC Helix SSO. Users with this role can view and change the configuration of any tenant registered on the BMC Helix SSO server.

An XML based framework for describing and exchanging security information between online business partners. In 

BMC Helix SSO

, SAML is used as an authentication protocol.

In the 

BMC Helix SSO

 context, 

BMC Helix SSO

 functions as a service provider and uses the data provided by the identity provider to authenticate a user. 

A period of time during which a user is allowed to access the resource without re-entering the credentials. When 

BMC Helix SSO

 authenticates the user, a session is created.

A configuration instance that has its own share of data and functionality. Tenants are fully isolated from each other, but they are saved on the same 

BMC Helix SSO

 server. An example of a tenant is a separate BMC customer. For example, Bank of America and Bank of Canada are BMC customers who share a common 

BMC Helix SSO

 instance, but are conceptually separated as tenants on the 

BMC Helix SSO

 server.

A user who has full rights to manage local users for realms in their tenant.

The term user refers to everyone, including local users, local administrators, and end users.