Configuring settings for BMC Helix SSO administrators

As a tenant administrator, you can configure settings such as for BMC Helix SSO administrators.

To configure the maximum session time for administrators

In the BMC Helix SSO Admin Console, select General > Basic.
In the Max Admin Session Time field, set the time after which the admin session expires.
When this value is selected, time constraints are automatically enforced. By default, one hour is set.
Important
The minimum value is 1 minute, and the maximum value is 1 year.
Click Save.

To enable the lockout functionality for BMC Helix SSO administrators

By default, the account lockout functionality is disabled for the BMC Helix SSO Admin Console. You can set the number of login attempts for BMC Helix SSO administrator accounts before the accounts get locked out.

In the BMC Helix SSO Admin Console, select General > Basic.
In the Admin Lockout Threshold field, enter the number of login attempts for administrators.
By default, the value is set to 0.

To update the retention policy

By default, all logged audit actions are stored in the database for the last 120 days. You can change the number of days in the Retention policy field only if you have the administrator rights and enable administrator events audit or end-user events audit. The Retention policy option is enabled by default.

Important

The Retention policy option is available only for the SaaS tenant. To enable the Retention policy option, you must select the Admin events or End-user events check box, or both.

To change the number of days for logging audit records in the database, perform one or more of the following actions:

Task	Steps to perform
To configure the retention policy for audit logs	In the Retention policy field, set a value to specify the number of days the audit logs are saved on the BMC Helix SSO server. Click Save.
To disable the retention policy	In the Retention policy field, set 0 to save logs forever. Click Save.
To delete old audit logs	In the Retention policy field, set a relatively small value, for example, one day. Click Save. All audit records older than the specified number of days are automatically deleted in 24 hours after the BMC Helix SSO server start.

To enable audit records on the BMC Helix SSO server

By default, audit is disabled for both administrator and end-user actions. You can enable audit records on the BMC Helix SSO server. The following screenshot shows the Audit section in the BMC Helix SSO Admin Console:

In the BMC Helix SSO Admin Console, select General > Advanced.
In the Audit section, select the appropriate check box:
- Admin events—To enable audit records for administrator actions.
- End-user events—To enable audit records for end-user actions, select the End-user events check box.
Click Save.

When you enable audit logging, the Audit tab in the BMC Helix SSO Admin Console displays all actions performed by the administrator, end user, or both. By default, the Audit tab shows all logged administrator, end-user actions, or actions of both for the last day. You can get audit actions for a certain date and one session. For more information, see Reviewing-audit-records.

To enable activity logs for administrator activities

You can integrate the third party application, Gainsight, which helps collect the activity logs of administrator users in the BMC Helix SSO Admin Console and can provide statistics for their activities.

Gainsight checkbox.png

In the BMC Helix SSO Admin Console, select General > Basic.
Select the Interactive Gainsight check box from the Self-Help section.
By default, this option is disabled.
Click Save.
Log out from the BMC Helix SSO Admin Console and log in again to apply this setting.

Where to go from here

Configuring-authentication-for-BMC-Helix-SSO-administrators