This documentation supports the 24.3 and consecutive patch versions of BMC Helix Single Sign-On. To view an earlier version, select the version from the Product version menu.

Configuring Local authentication


You can configure the BMC Helix Single Sign-On server for local authentication.

Local authentication is a simple, lightweight user store that should not be used as a corporate-wide authentication provider. It is not designed as a high-performance authentication provider that supports group policies, password expiration, and so on. It allows you to create realm-specific user stores that can be used for different purposes.

You might need to configure Local authentication in one of the following use cases:

  • For applications that require several user accounts
  • For cases when corporate identity providers are not available
  • For testing purposes

You should consider other authentication types when you design corporate-wide authentication for a high workload.

Before you begin

Add and configure a realm as described in Adding and configuring realms.

To configure BMC Helix SSO for Local authentication

  1. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.
  2. In the Authentication Type field, click Local.
  3. To add another authentication type, click Enable Chaining Mode.  

    Best practice
    Because Local authentication is a simple, lightweight user store, we recommend adding another authentication type to handle high workloads.

  4. (Optional) In the ALLOW-FROM DOMAIN(s) field, specify the URLs of the resources supported by BMC Helix SSO that you want to launch in iframes.

To configure your email server for Local authentication

  1. Log in to BMC Helix Single Sign-On.
  2. Select Service > Email server.
  3. On the SMTP Server configuration page, complete the following fields:

    | Field | Action |
    |---|---|
    | Host | Specify the host of your email server. |
    | Port | Specify the port of your email server. |
    | Use TLS connection | If your email server uses a Transport Layer Security protocol, select the Use TLS connection check box. |
    | Connection timeout, millis | Specify the time in milliseconds after which the SMTP server connection should end. Important: If you do not specify any value, the default value of 30 seconds is used. |
    | Read timeout, millis | Specify the time in milliseconds after which the SMTP server should end a read request. Important: If you do not specify any value, the default value of 30 seconds is used. |
    | Write timeout, millis | Specify the time in milliseconds after which the SMTP server should end a write request. Important: If you do not specify any value, the default value of 30 seconds is used. |
    | Auth Method | If your email server is configured to use an authentication method, in the Auth Method field, select LOGIN or PLAIN. If no authentication method is used, select NONE. |

  4. Click Update.
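
The following Python check is an added example, not part of the BMC documentation or product. It reviews the Use TLS connection and Auth Method choices against the extensions a mail server advertises. The function names, finding codes, and sample values are constructed for illustration, and it assumes the TLS option is negotiated with STARTTLS, which this page does not state.

```python
import smtplib
import ssl

PASSWORD_MECHS = {"LOGIN", "PLAIN"}  # both send the password base64-encoded, not encrypted

FINDINGS = {
    "no-tls": "Mail, including the reset-password link, reaches the mail server unencrypted.",
    "cleartext-auth": "LOGIN/PLAIN without TLS exposes the SMTP password on the wire.",
    "tls-available": "Server advertises STARTTLS; select Use TLS connection.",
    "starttls-missing": "Use TLS connection is selected but STARTTLS is not advertised.",
    "auth-not-offered": "Selected Auth Method is not advertised on this session.",
}

def review_smtp_settings(use_tls, auth_method, pre_tls, post_tls=None):
    """Return finding codes for the 'Use TLS connection' and 'Auth Method' values.

    pre_tls and post_tls are dicts shaped like smtplib's esmtp_features
    (lowercase extension name -> parameter string), from before and after STARTTLS.
    """
    codes = []
    method = auth_method.upper()
    # AUTH mechanisms are judged on the session that would carry the credentials.
    session = post_tls if (use_tls and post_tls is not None) else pre_tls
    offered = set(session.get("auth", "").upper().split())
    if not use_tls:
        codes.append("no-tls")
        if method in PASSWORD_MECHS:
            codes.append("cleartext-auth")
        if "starttls" in pre_tls:
            codes.append("tls-available")
    elif "starttls" not in pre_tls:
        codes.append("starttls-missing")
    if method in PASSWORD_MECHS and method not in offered:
        codes.append("auth-not-offered")
    return codes

def probe(host, port, timeout=30):
    """Collect both feature sets from a live server (needs network access)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre, post = dict(smtp.esmtp_features), None
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context())  # verifies the certificate
            smtp.ehlo()
            post = dict(smtp.esmtp_features)
    return pre, post

# Constructed sample: a server that hides AUTH until the session is encrypted.
SAMPLE_PRE = {"starttls": "", "size": "35882577"}
SAMPLE_POST = {"auth": "PLAIN LOGIN", "size": "35882577"}
```

Against a reachable mail server, pass the two dicts returned by `probe(host, port)` in place of the constructed samples; each returned code maps to its explanation in `FINDINGS`.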

To create an email template for Local authentication

  1. Select Service > Email templates.
  2. Click Add Email Template.
  3. In the Name field, specify the name of the email template.
    For example, Forgot password template.
  4. Specify the sender and the subject of the email.
  5. In the Body field, specify the body of the email and one of the link references:
    https://rsso.onbmc.com/rsso/action/forgot-password/reset?id={{resetPasswordId}}
    https://rsso.onbmc.com/rsso{{resetPasswordUrlPath}}?id={{resetPasswordId}}
    https://rsso.onbmc.com/rsso{{resetPasswordUrlFullPath}}
    You can also add {{loginName}} to specify the end user's name in the email.
  6. Click Save.


Where to go from here

When you have configured a realm with the Local authentication type, you can add users and groups to this realm. For information about how to do this, see Managing local users and passwords.

 
