This documentation supports the 21.3 version of BMC Helix Single Sign-On.To view an earlier version, select the version from the Product version menu.

Setting up BMC Helix SSO administrator accounts

As a SaaS administrator, you can create the following user accounts who will have access to the BMC Helix Single Sign-On Admin Console:

  • SaaS administrators—Users who have full administrative rights in the SaaS tenant and all customer tenants on the BMC Helix SSO server. 
  • Tenant administrators—Users who have access to the BMC Helix SSO Admin Console of specific tenants and have restricted administrative rights for those tenants.

For more details about permissions of these users, see Roles-and-permissions.

Related topics

Configuring-the-BMC-Helix-SSO-server

BMC-Helix-SSO-multitenancy

Verifying-the-installation

To create a SaaS administrator account

  1. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
  2. Click the Admin User tab.
    The list of administrator users is displayed.
  3. Click Add Admin User.
  4. On the Add Admin User page, enter the following details:
    • Admin User Login—Name of the BMC Helix SSO administrator. The value is case insensitive.
    • Password

    • Confirm Password 

      Important

      The password must correspond to the following requirements:
      1. The password length must be between 8 and 128 characters.
      2. You can use only ANSCII printable characters, and the password must contain characters from each of the following four categories:
      - uppercase letters
      - lowercase letters
      - numeric characters
      - special characters, except for a space character

      The example of the valid password - Ab1%Cd2#.

  5. Click Save.

The SaaS administrator account is now added, and it is available in List of Admin Users.

To create a tenant administrator account

  1. As a SaaS administrator, log in to the BMC Helix SSO Admin Console.
  2. On the navigation panel, click Tenant.
  3. From the list of tenants, select a tenant for which you would like to create a tenant administrator user account.
  4. Click the pin icon to switch to the BMC Helix SSO Admin Console of the selected tenant.
  5. On the navigation panel, click the Admin User tab.
    The list of administrator users is displayed.
  6. Click Add Admin User.
  7. On the Add Admin User page, enter the following details:
    • Admin User Login—Name of the BMC Helix SSO administrator. The value is case insensitive.
    • Password

    • Confirm Password 

      Important

      The password must correspond to the following requirements:
      1. The password length must be between 8 and 128 characters.
      2. You can use only ANSCII printable characters, and the password must contain characters from each of the following four categories:
      - uppercase letters
      - lowercase letters
      - numeric characters
      - special characters, except for a space character

      The example of the valid password - Ab1%Cd2#.

  8. Click Save.

The tenant administrator account is now added, and it is available in List of Admin Users.

User management tasks

Under the Action column on the Admin User tab, you can manage the administrator user accounts by performing the following tasks:

Task

Description

Lock or Unlock Admin User

If a user account has violated any policies, you can temporarily disable this user by locking the account. When you lock an administrator account, the current session of the administrator user does not get invalidated. You must manually invalidate the current session of this user. For information about how to invalidate a user session, see Invalidating-and-configuring-end-user-sessions.

If an administrator exceeds the number of login attempts by trying to log in using an incorrect password, the administrator account is locked automatically if you have configured the automatic lockout feature. You can unlock an administrator user at any time.

Note: You cannot lock an administrator account under which you are currently logged in. To lock the account, you must log in to the BMC Helix SSO Admin Console as another administrator user.

Edit Admin User

You can change the password of an administrator. The password complexity is the same as for creating a new administrator.

Note: You cannot change the login name of an administrator.

Delete Admin User

You can delete an administrator account.

When you delete an administrator user account, the old sessions of the administrator user account do not get invalidated. You have to manually invalidate the old sessions of that administrator user.

Note: You cannot remove an account under which you are currently logged in. To remove the currently logged in user account, log in to the BMC Helix SSO Admin Console as another administrator user, and delete the required account.

To configure BMC Helix SSO to lock an administrator account automatically

You can configure BMC Helix SSO to automatically lock an administrator account in a case of brute force attack. By default, this feature is enabled. 

  1. Log in to the BMC Helix SSO Admin Console.
  2. Click the General tab.
  3. Select Basic > Session Settings.

  4. In the Admin Lockout Threshold field, select a value to set the maximum number of unsuccessful login attempts allowed by BMC Helix SSO within one minute. 

    If the number of login attempts exceeds the number of attempts that you have set, the administrator account will be locked automatically.

    Important

    • The default value is 0. The lockout feature is disabled when this value is set to 0.
    • The lockout feature applies to internal administrators only.
  5. Click Save.