Administering

This section contains information about configuring BMC Helix SSO for various authentication types, and other administrative tasks such as configuring branding details or viewing user sessions.

Administering tasks for BMC Helix SSO subscribers

The following task applies to you if you have the permissions of a tenant administrator on the BMC Helix SSO server:

Task	Reference
Create, edit and delete users and groups for realms with local authentication type	Managing-local-users-and-passwords

Administering tasks for BMC Helix SSO on-premises users

The following tasks apply to you if you have the permissions of a SaaS administrator in the BMC Helix SSO Admin Console:

Task	Reference
Create internal administrators (SaaS administrators and tenant administrators) with access to the BMC Helix SSO Admin Console.	Setting-up-BMC-Helix-SSO-administrator-accounts
Set up multiple tenants on the BMC Helix SSO server.	Activating-tenants
Configure the following settings on the BMC Helix SSO server: General settings—cookie domain, session settings, and server logging Advanced settings—cookie name, service URL, and service provider options for SAML authentication Admin authentication settings—Enable authentication for internal administrator users, and configure access to BMC Helix SSO Admin Console for users from an external LDAP directory.	Configuring-the-BMC-Helix-SSO-server
Configure the following settings on the BMC Helix SSO agent: General settings—multi-domain, preauth, password change using AR System server, msp, and other settings URL settings—external URL, service URL, logout URLs, and other URL settings Session settings—cache timeout, cache type, and redis settings	Configuring-the-BMC-Helix-SSO-agent
Configure BMC Helix SSO for end user authentication: Add and configure authentication for realms Enable AR authentication for bypass Enable BMC Helix SSO to authenticate applications in iframes Rebrand the BMC Helix SSO end user login page Set up the user ID transformation Enable and configure authentication chains for a realm	Setting-up-end-user-authentication
Create, edit and delete users and groups for realms with local authentication type.	Managing-local-users-and-passwords
Configure OAuth 2.0 protocol for one or more of the following tasks: Register OAuth 2.0 native client applications Register OAuth 2.0 non-native client applications Set up token timeout for client applications Generate JWKs for OAuth 2.0 flow View and delete tokens of active user sessions	Configuring-OAuth-2-0
Configure user ID transformation for custom user IDs	Creating User ID custom transformation types
Invalidate end user sessions	Invalidating-and-configuring-end-user-sessions



Create a backup of the BMC Helix SSO server before upgrade. Restore the BMC Helix SSO configuration from backup.	Exporting-and-importing-BMC-Helix-SSO-server-configuration
Transfer BMC Helix SSO server configuration between servers	Transferring-data-between-BMC-Helix-SSO-servers
View audit records for actions performed by all BMC Helix SSO administrators.	Reviewing-audit-records
Configure infinite user sessions for users with Local, SAML 2.0, and OpenID Connect authentication types.	Configuring-infinite-user-sessions
Configure immediate logout from all applications	Supporting-immediate-logout-from-all-applications
Analyze application issues by viewing tokens for a user session	Viewing-tokens-for-a-user-session-to-analyze-application-issues

Administering

Administering tasks for BMC Helix SSO subscribers

Administering tasks for BMC Helix SSO on-premises users

On this page