Enabling BMC Helix SSO server to store additional user data for authenticated users


BMC Helix SSO can request additional data for authenticated users from the Action Request System server (AR System server), and store that data in the BMC Helix SSO database. This feature is available for all authentication types in the realm.

The following user data can be stored:

  • Last name
  • First name
  • Corporate email

When BMC Helix SSO authenticates a user,  it retrieves additional information such as the user's first and last name and corporate email ID from the AR System server and stores it in the BMC Helix SSO database. When an external service or integrated application requests additional user information, the data is available directly in BMC Helix SSO. You do not need to individually configure external services or integrated applications to fetch the additional user data from the AR System server, as the data is available on the BMC Helix SSO server.

To enable BMC Helix SSO to store additional user data for authenticated users

  1. Log in to the BMC Helix SSO server as a SaaS administrator. 
  2. On the navigation panel, click Realm.
  3. Select the realm, and from the Actions menu, click Edit Tenant Icon.pngEdit Realm.
  4. (Optional) Update the following AR System server details: 

    Field name

    Description

    AR API URL

    Enter the URL of the Action Request System server (AR System server) API URL.

    AR Integration User Name

    Enter the user name to be used to access the AR System server

    AR Integration User Password

    Enter the password for the specified user name to access the AR System server.

  5. Save your changes.

How additional user data is retrieved

  1. When a user logs in to the integrated application, BMC Helix SSO authenticates the user by using the assigned authentication type in the realm.
  2. After the user is authenticated, BMC Helix SSO fetches additional user information from the AR System server by making API calls to AR System server and stores it within that session.
  3. BMC Helix SSO provides this user information to the integrated application after authentication or as a response to an API call. The user information is provided in one of the following ways:

    • As a part of the response for Open ID Connect token in the id_token payload
    • As a part of the response for a Helix SSO, OAuth2, or introspect API call

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*