Skip to Content

Self-service configuration for BMC Helix SSO tenant administrator

As a tenant administrator, in addition to existing local user management, you can perform the following list of operations BMC Helix SSO:

  • View audit records.
  • Manage sessions (view or delete existing sessions).
  • Configure the settings of allowed authentications.

A self-service configuration allows tenant administrators to perform administrative operations available in BMC Helix SSO autonomously. 

Related topics

Configuring the Remedy SSO server

To configure self-service in the tenant

  1. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
  2. On the navigation panel, click Tenant.
  3. Select the appropriate tenant to edit. 
  4. Select the Self Service check box.
  5. Save your changes.

By default, self-service for the tenant is disabled. After it is enabled, it provides the list of available parameters for the self-service configuration. Here, you can select the appropriate type of authentication from the set of authentications created by the SaaS Administrator and set an AR host name and AR service port forthe  AR Bypass authentication mechanism. When self-service is enabled at the tenant level, you can limit the available authentication types for a realm.

To enable tenant administrators to manage application domains

By default, the option to manage application domains is disabled. After the SaaS administrator enables the option, tenant administrators can add, remove, and update the application domains. To do so, tenant administrators must navigate to Realm and modify the Application Domain(s) field.

  1. Make sure self-service is enabled for your tenant.
  2. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
  3. On the navigation panel, click Tenant.
  4. Select the appropriate tenant to edit.
  5. Select the Allow tenant admins to update application domains check box.
  6. Save your changes.

To configure self-service in the realm

After the configurations in the tenant are done, navigate to the appropriate realm to make it available for the tenant administrator for further configurations of the authentication settings.

  1. From the list of the Realms, select the necessary one.
  2. Click Edit Realm.
  3. Select the Self service checkbox.
  4. Save your changes.
Warning

Important

By default, all existing or newly created realms are disabled for a self-service configuration.

The four tabs become available for a tenant administrator in addition to existed Local User management:

  • Realm – make changes for branding, update authentication settings (with no access to information about bypass)
  • Session – get information about existing sessions, manage them (delete)
  • OAuth2 – to manage OAuth2 related settings
  • Audit – to get data about admin and end-user audited actions

Edit OAuth2 parameters

As a tenant administrator, you can configure all settings related to OAuth2 except the OpenID Connect Issue URL.

outh_tab_ui.JPG

Warning

Important

The OpenID Connect Issuer URL parameter is not available for editing by the tenant administrator under the self-service configuration.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix Single Sign-On 26.1