Configuring settings for BMC Helix SSO administrators
To configure the maximum session time for administrators
- In the BMC Helix SSO Admin Console, select General > Basic.
- In the Max Admin Session Time field, set the time after which the admin session expires. - When this value is selected, time constraints are automatically enforced. By default, one hour is set. 
- Click Save.
To enable the lockout functionality for BMC Helix SSO administrators
By default, the account lockout functionality is disabled for the BMC Helix SSO Admin Console. You can set the number of login attempts for BMC Helix SSO administrator accounts before the accounts get locked out.
- In the BMC Helix SSO Admin Console, select General > Basic.
- In the Admin Lockout Threshold field, enter the number of login attempts for administrators. 
 By default, the value is set to 0.
To update the retention policy
By default, all logged audit actions are stored in the database for the last 120 days. You can change the number of days in the Retention policy field only if you have the administrator rights and enable administrator events audit or end-user events audit. The Retention policy option is enabled by default.
To change the number of days for logging audit records in the database, perform one or more of the following actions:
| Task | Steps to perform | 
|---|---|
| To configure the retention policy for audit logs | 
 | 
| To disable the retention policy | 
 | 
| To delete old audit logs | 
 | 
To enable audit records on the BMC Helix SSO server
By default, audit is disabled for both administrator and end-user actions. You can enable audit records on the BMC Helix SSO server. The following screenshot shows the Audit section in the BMC Helix SSO Admin Console:

- In the BMC Helix SSO Admin Console, select General > Advanced.
- In the Audit section, select the appropriate check box:- Admin events—To enable audit records for administrator actions.
- End-user events—To enable audit records for end-user actions, select the End-user events check box.
 
- Click Save.
When you enable audit logging, the Audit tab in the BMC Helix SSO Admin Console displays all actions performed by the administrator, end user, or both. By default, the Audit tab shows all logged administrator, end-user actions, or actions of both for the last day. You can get audit actions for a certain date and one session. For more information, see Reviewing-audit-records.
To enable activity logs for administrator activities
You can integrate the third party application, Gainsight, which helps collect the activity logs of administrator users in the BMC Helix SSO Admin Console and can provide statistics for their activities.

- In the BMC Helix SSO Admin Console, select General > Basic.
- Select the Interactive Gainsight check box from the Self-Help section.
 By default, this option is disabled.
- Click Save.
- Log out from the BMC Helix SSO Admin Console and log in again to apply this setting.
To encrypt data
Administrators can encrypt data such as database passwords and use that encrypted data to ensure security.
To encrypt data, perform the following steps:
- In the BMC Helix SSO Admin Console, select Service > Encryption.
- In the Text to encrypt field, enter the text that you want secure.
- Click Encrypt.
 The Result field shows the encrypted data.
- To use the encrypted data, click Copy.
To validate a SpEL expression
Administrators can validate SpEL expressions to identify any issues in them. Validating the SpEL expressions is helpful in different situations; for example, while transforming a user ID.
To validate an expression, perform the following steps:
- In the BMC Helix SSO Admin Console, select Service > SpEL Test.
- In the Expression field, enter the SpEL expression that you want to validate.
 For example, enter #userid.split("@")[0].
- In the Value field, enter the value of that SpEL expression.
 For example, enter allen@hr.c.om
 The Result field shows the result of applying the SpEL expression.
Where to go from here
