Skip to Content

Self-service configuration for BMC Helix SSO Tenant administrator

As a Tenant Administrator, in addition to existing local user management, you can perform the following list of operations in the BMC Helix SSO:

  • View audit records.
  • Manage sessions (view or delete existing sessions).
  • Configure the settings of allowed authentications.

A self-service configuration allows Tenant Administrators to perform administrative operations available in BMC Helix SSO autonomously. 

Related topics

Configuring the Remedy SSO server

To configure self-service in the Tenant

  1. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
  2. On the navigation panel, click Tenant.
  3. Select the appropriate tenant to edit. 
  4. Select the Self Service check box.
  5. Save your changes.

By default, this option is disabled. After it is enabled, it provides the list of available parameters for the self service configuration. Here, you can select the appropriate type of authentication among the set of authentications created by the SaaS Administrator and set an AR host name and AR service port for AR Bypass authentication mechanism. Enabled Self service checkbox on a tenant level allows to limit the available authentication types for a realm.

To enable tenant administrators to manage application domains

(Version 25.4.02 and later)

Before proceeding with the steps, ensure that self-service is enabled for your tenant.

  1. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
  2. On the navigation panel, click Tenant.
  3. Select the appropriate tenant to edit.
  4. Select the Allow tenant admins to update application domains check box.
  5. Save your changes.

By default, this option is disabled. After it is enabled, tenant administrators can add, remove, and update application domains. To do so, the tenant administrator navigates to Realm and modifies the Application Domain(s) field. 

To configure self-service in the Realm

After the configurations in the Tenant are done, navigate to the appropriate Realm to make it available for the Tenant Administrator for further configurations of the authentication settings.

  1. From the list of the Realms, select the necessary one.
  2. Click Edit Realm.
  3. Select the Self service checkbox.
  4. Save your changes.
Warning

Important

By default, all existing or newly created realms are disabled for a self-service configuration.

The four tabs become available for a Tenant Administrator in addition to existed Local User management:

  • Realm – make changes for branding, update Authentication settings (with no access to information about bypass)
  • Session – get information about existed sessions, manage them (delete)
  • OAuth2 – to manage OAuth2 related settings
  • Audit – to get data about admin and end-user audited actions

Edit OAuth2 parameters

As a Tenant Administrator, you can configure all settings related to OAuth2 except the OpenID Connect Issue URL.

outh_tab_ui.JPG

Warning

Important

The OpenID Connect Issuer URL parameter is not available for editing by the Tenant Administrator under the self-service configuration.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix Single Sign-On 25.4