This documentation supports the 24.2 and consecutive patch versions of BMC Helix Single Sign-On.To view an earlier version, select the version from the Product version menu.

Configuring preauthentication

As a BMC Helix Single Sign-On administrator, you can configure a realm for preauthentication if a third-party provider is configured to perform authentication. 

Before you begin

Add a realm and configure its general settings.

For more information about how to add and configure a realm, see Adding-and-configuring-realms.


Related topic

Preauthentication

Transforming-userID-to-match-login-ID

Enabling-AR-authentication-for-bypassing-other-authentication-methods

To configure preauthentication

  1. Log in to BMC Helix SSO Admin Console.
  2. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.
  3. From the Authentication Type list, select PREAUTH.

  4. In the User ID field, enter the name of the JWT entry to be used for user identification.

    Important

    Because a JWT is generated and provided by a third-party system, the name of the claim containing the User ID is arbitrary. Consult the documentation of your third-party product to find out the actual JWT claim name containing the User ID value used for integration.

  5. In the Certificate field, copy the certificate of the server that signs the JWT. 

    Important

    The certificate must be in Privacy Enhanced Mail (PEM) format.

  6. (Optional) To allow an originating application to open a target application through iframe, in the ALLOW-FROM Domain(s) field, enter the name of the originating application. 
    You can specify the target server as follows:

    • * - wildcard. Allowed for all domains.
    • hostname - Allowed for specified domain, ignoring port.
    • hostname:port - Allowed for exact match host:port.
    • proto://hostname:port - Allowed for exact match host:port. 
  7. Click Save.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*