Phased rollout This version of the software is currently available only to early adopter SaaS customers as the first step in our phased rollout.

Configuring settings for the BMC Helix SSO server

Review the following settings for BMC Helix SSO server, and configure them as required.

Related topics

Configuring-the-BMC-Helix-SSO-server



Security planning

To set the cookie domain

If your ITSM and BMC Helix Digital Workplace applications are available on itsm.yourcompany.com and dwp.yourcompany.com, and BMC Helix SSO is on sso.yourcompany.com, then the cookie domain must be set to sso.yourcompany.com.

  1. In the BMC Helix SSO Admin Console, select General > Basic.

  2. In the Cookie Domain field, enter the cookie domain value.

    Important

    The cookie domain value must contain a dot (".").

    Ensure that the value is correct because a wrong value can cause a redirection loop.

  3.  Click Save.

To configure the maximum session time for end users

  1. In the BMC Helix SSO Admin Console, select General > Basic.
  2. In theMax Session Time field, set the time after which the user session should expire.
    By default, the session timeout is set as 4 hours. When this value is selected, time constraints are automatically enforced. 
  3. Click Save.

To configure the log level for the BMC Helix SSO server

  1. In the BMC Helix SSO Admin Console, select General > Basic.

  2. From the Server Log Level list, select a severity level for logging messages.

    Important

    The DEBUG level affects the BMC Helix SSO server performance.

  3. Click Save.

To set the cookie name

If you configure BMC Helix SSO across multiple staged environments within the same domain, you must specify a unique cookie name for each environment. For example, if you have four environments (DEV, QA, STAGING, and PRODUCTION), each group of applications within the same domain must have the environment's unique cookie name.

  1. In the BMC Helix SSO Admin Console, select General > Advanced.
  2. In the Cookie Name field, enter a unique value.
  3. Click Save.

To manage the cookie security for end users

For end users, BMC Helix SSO leverages the secure cookie by default. If all integrated applications run on HTTP, and are accessed only through HTTP, the BMC Helix SSO administrator might need to disable the secure cookie by performing the followings steps:

  1. In the BMC Helix SSO Admin Console, select General > Advanced.
  2. Clear the Enable Secured Cookie check box.
  3. Click Save.

To enable a secure cross site cookie

To enable a cross site cookie for a browser, perform the following steps:

  1. In the BMC Helix SSO Admin Console, select General > Advanced.
  2. Select the Enable Secured Cookie check box.
    Secure cookie is by default enabled. 
  3. Select the Use Cross Site Cookie check box.
    This check box is grayed out unless you enable the secure cookie.
  4. Click Save.

To set the service URL on the BMC Helix SSO server

The service URL provides information about the location of the BMC Helix SSO server, and the BMC Helix SSO server uses the service URL to generate session tokens. 

  1. In the BMC Helix SSO Admin Console, select General > Advanced.
  2. In the Service URL field, set the BMC Helix SSO service URL. 
  3. Click Save.

To manage the cookie security for administrators

For administrators, the secure cookie is disabled by default. To enable the secure cookie:

  1. In the BMC Helix SSO Admin Console, select General > Advanced.
  2. In the Admin Cookie section, select the Secure cookie check box.
  3. Click Save.

If this check box is selected, the administrator cannot log in to the BMC Helix SSO Admin Console without HTTPS.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*