Phased rollout This version of the software is currently available only to early adopter SaaS customers as the first step in our phased rollout.

21.02 enhancements

Review the BMC Helix Single Sign-On 21.02 enhancements for features that will benefit your organization and to understand changes that might impact your users.

Related topics

Known-and-corrected-issues

Release-notes-and-notices

21.02 enhancements

BMC Helix Single Sign-On enhancements

Lockout.png

Ability to lock a local user account after unsuccessful login

A BMC Helix SSO administrator can enable account lockout if a local user enters incorrect credentials. As a BMC Helix SSO administrator, you can configure the lockout threshold and lockout interval. The locked user can be unlocked by the BMC Helix SSO administrator or automatically. For more information, see Managing-local-users-and-passwords.

Ability to force local users to reset password

As a BMC Helix SSO administrator, you can force local users to reset their password after they successfully log in to the BMC application integrated with BMC Helix SSO. For more information, see Managing-local-users-and-passwords.

Force to reset password.png

What else changed in this release

In this release, note the following significant changes in the product behavior:

Update

Product behavior in versions earlier than 21.02

Product behavior in version 21.02

Enhanced security for the BMC Helix SSO server.

Secure cookie was disabled by default.

Secure cookie is enabled by default; see Configuring-settings-for-the-BMC-Helix-SSO-server.

A configurable option to allow a SAML session to finish simultaneously with the BMC Helix SSO session.

For the SAML authentication type, the session remained active even after the BMC Helix SSO session was over.

Option to end a SAML and BMC Helix SSO sessions simultaneously is enabled by default. For details, see

Configuring-SAML-2-0-authentication.

Description field is available for the Preauthentication value of the Authentication type.

No Description field was present for the Preauthentication value of the Authentication type.

Description field is displayed on the Preauthentication form by default; see Configuring-preauthentication.

Ability to set custom time-out values for tokens.

Token time-outs were set according to Auth global access by default.

Time-out for tokens is configurable; see Configuring-OAuth-2-0.

Ability to perform authenticated sessions between applications in different security domains.

Usage of several applications was restricted to those that have one common domain.

Authentication is available in several applications that have different domains.

Deprecation of support for Microsoft Internet Explorer 11.

BMC Helix SSO supported Microsoft Internet Explorer 11.

As announced, support for Microsoft Internet Explorer version 11 is now deprecated. We encourage you to switch to other fully supported browsers listed for BMC Helix SSO in theBMC Solution and Product Availability and Compatibility utility. For a complete list of BMC products that no longer support Internet Explorer 11, see theBMC Customer Support Communities page.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*