This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). To view an earlier version, select the version from the Product version menu.

Glossary

This glossary defines terms that are relevant to BMC Helix Single Sign-On. Because the content comes from the Common Glossary, it might include definitions common to other BMC products and solutions.

Related topics

FAQs

Orientation

Key-concepts

Most commonly used terms in BMC Helix SSO

Admin user

A user who has access to the 

BMC Helix SSO

 Admin Console.

Audit

A collection of user actions during a certain period of time. In BMC Helix SSO, you can enable audit for end-user and administrator actions.

Authentication

A process of recognizing a user's identity. When users specify their credentials and successfully log in to the system, they are authenticated. Authentication defines who the user is.

Authentication method

A flow that is used to authenticate users. An authentication method affects the log-in and log-out experience. The examples of the authentication methods in 

BMC Helix SSO

 are Kerberos, LDAP, OpenID Connect, etc.

Authorization

A process of giving someone permissions to access an area within a computer system. Authorization defines what users can access.

Chaining

A fallback mechanism that enables you to invoke extra authentication methods if the primary authentication fails.

Digital Service Management (DSM) page

Serves as a centralized location for users to access the BMC applications integrated with 

BMC Helix SSO

. The previous name of the DSM pageLaunchpad.

Domain name

An identification string that defines a realm of administrative autonomy, authority, or control within the internet. For example, .com.

End user

The term end user refers to everyone who logs in to the application integrated with BMC Helix SSO, including local users.


Fully qualified domain name (FQDN)

domain name that specifies the exact location of the domain in the tree hierarchy of the Domain Name System (DNS). For example, www.docs.bmc.com.

High-availability mode (HA mode)

A configuration that implies communication between multiple BMC Helix SSO servers and one or more applications through a load balancer. The load balancer reduces the load on the BMC Helix SSO servers and supports continuous working of BMC Helix SSO if one or more BMC Helix SSO servers are not available.

Identity provider (IdP)

A third-party system that provides users. The example of the IdP in 

BMC Helix SSO

 is Active Directory.


Kerberos

A network authentication protocol that works on the basis of tickets to allow nodes that communicate over a non-secure network to prove their identity to one another in a secure manner. 


Local user

The term local user (local user or local administrator) refers to a user who is created and stored locally on the 

BMC Helix SSO

 server, not on an external identity provider.


Multitenancy

A software architecture in which a single application instance serves multiple tenants and provides data isolation between tenants. In BMC Helix SSO, a tenant that has a full access to the BMC Helix SSO application and configuration of other tenants is called the SaaS tenant.

Realm

A security component of 

BMC Helix SSO

 that takes part in an authentication process. A realm defines whether a user is authenticated through the identity provider, and provides this data to the application. A realm is specific only for 

BMC Helix SSO

. Realms must be created and configured separately for each tenant.

BMC Helix Single Sign-On (BMC Helix SSO)

A standalone BMC product that enables users to log in to multiple applications within an organization by using a single ID and password. The main components of BMC Helix SSO are the BMC Helix SSO agent and the BMC Helix SSO server.

BMC Helix SSO agent

A component of 

BMC Helix SSO

 that sets up an integration between the 

BMC Helix SSO

 application and other BMC applications.

SaaS administrator

A user who has full rights to create, activate, delete, or temporarily deactivate other SaaS administrators, tenant administrators, and tenants in BMC Helix SSO. Users with this role can view and change the configuration of any tenant registered on the BMC Helix SSO server.

Security Assertion Markup Language (SAML)

An XML based framework for describing and exchanging security information between online business partners. In 

BMC Helix SSO

, SAML is used as an authentication protocol.

Service provider (SP)

In the 

BMC Helix SSO

 context, 

BMC Helix SSO

 functions as a service provider and uses the data provided by the identity provider to authenticate a user. 

Session

A period of time during which a user is allowed to access the resource without re-entering the credentials. When 

BMC Helix SSO

 authenticates the user, a session is created.

Standalone deployment mode

Configuration that implies communication between one 

BMC Helix SSO

 server and multiple 

BMC Helix SSO

 agents.

Tenant

A configuration instance that has its own share of data and functionality. Tenants are fully isolated from each other, but they are saved on the same 

BMC Helix SSO

 server. An example of a tenant is a separate BMC customer. For example, Bank of America and Bank of Canada are BMC customers who share a common 

BMC Helix SSO

 instance, but are conceptually separated as tenants on the 

BMC Helix SSO

 server.

Tenant administrator

A user who has full rights to manage local users for realms in their tenant.

User

The term user refers to everyone, including local users, local administrators, and end users.