Configuring authentication for Remedy SSO administrators
Before you begin
You must have an external LDAP identity provider up and running, and you must have administrative permissions in Remedy SSO.
To configure admin authentication through an external LDAP identity provider
- In the Remedy SSO Admin Console, select General > Admin Authentication.
- Click Add authentication.
To configure a connection to an external LDAP identity provider, complete the following fields:
| Field | Description |
| --- | --- |
| Host | Name of the server where the LDAP identity provider is hosted. If LDAP is used in failover mode, you can specify more than one LDAP identity provider by providing a comma-separated list of servers. If the first server is unavailable, the Remedy SSO server switches to the second server specified in the list. |
| Port | Port number for the LDAP server, such as 389. |
| Bind DN | The distinguished name (DN) of a bind LDAP user. For example: CN=User,CN=Users,DC=example,DC=com. This user must have privileges to search the directory. |
| Bind Password | Password for the bind LDAP user. |
To specify which users from the LDAP identity provider will have permissions to access the Remedy SSO Admin Console, complete the following fields:
| Field | Description |
| --- | --- |
| User Search Filter | The LDAP query to search for users. These users will have permissions to access the Remedy SSO Admin Console. For example: (&(objectCategory=user) (sAMAccountName=$ADMIN$)(memberof=CN=RSSOAdmin,OU=Users,DC=example,DC=com)). The user login ID is specified by the $ADMIN$ keyword. |
| Users Base DN | Base distinguished name used for users search. For example: CN=Users,DC=example,DC=com |
| Identity Attribute | Enter the LDAP attribute to be used as the login ID of the administrator. For example: sAMAccountName |
(SaaS tenant only) To assign roles to specific LDAP user groups, select the Group Mapping check box, and then complete the following fields:
| Field | Description |
| --- | --- |
| Group of User Filter | Enter an LDAP query to search for user groups. The queried groups will have permissions to access the Remedy SSO Admin Console. For example: member:1.2.840.113556.1.4.1941:=$ADMIN_DN$. |
| Group Base DN | Specify a base distinguished name used for groups search. For example: DC=example,DC=local. |
| Group Name Attribute | Specify an attribute that holds the name of a group. For example: CN. |
| SaaS Administrator | Specify a group in the LDAP directory for users who will have a role of SaaS Administrator in the Remedy SSO Admin Console. For example: saas_admin. |
- Click Add to chain.
- Click Save.
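Because every user matched by the User Search Filter gets access to the Remedy SSO Admin Console, it is worth checking the filter before saving it. The following is an added example, not part of the Remedy SSO documentation: it flags a filter template that lacks the $ADMIN$ keyword, has unbalanced parentheses, or has no memberOf restriction, and it renders the filter with an RFC 4515-escaped login ID so the result can be tested with a directory client. The function names, the memberOf heuristic, and all sample values other than the page's example filter are assumptions.

```python
import re

PLACEHOLDER = "$ADMIN$"  # login-ID keyword used in the User Search Filter

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render_filter(template, login_id):
    """Substitute an escaped login ID for $ADMIN$, e.g. to test with a directory client."""
    return template.replace(PLACEHOLDER, escape_filter_value(login_id))

def lint_filter(template):
    """Return findings for a filter template; an empty list means no finding."""
    findings = []
    if PLACEHOLDER not in template:
        findings.append("no $ADMIN$: result does not depend on who is logging in")
    depth = 0
    for c in template:
        depth += (c == "(") - (c == ")")
        if depth < 0:  # a ")" appeared before its "("
            break
    if depth != 0:
        findings.append("unbalanced parentheses")
    # Heuristic (assumption): admin access should be limited by group membership.
    if not re.search(r"\(\s*memberof\s*=", template, re.IGNORECASE):
        findings.append("no memberOf clause: every matching directory user is an admin")
    return findings

# Filter from the page's example.
PAGE_FILTER = ("(&(objectCategory=user) (sAMAccountName=$ADMIN$)"
               "(memberof=CN=RSSOAdmin,OU=Users,DC=example,DC=com))")
# Constructed samples: a filter with no group restriction and an unbalanced one.
LOOSE_FILTER = "(sAMAccountName=$ADMIN$)"
BROKEN_FILTER = "(&(objectCategory=user)(sAMAccountName=$ADMIN$)"

if __name__ == "__main__":
    for name, f in [("page", PAGE_FILTER), ("loose", LOOSE_FILTER),
                    ("broken", BROKEN_FILTER)]:
        print(name, lint_filter(f) or "ok")
    # Constructed login IDs: a plain one and one containing filter metacharacters.
    print(render_filter(PAGE_FILTER, "jdoe"))
    print(render_filter(LOOSE_FILTER, "*)(objectClass=*"))
```

The rendered filter can be passed to any LDAP search client together with the Users Base DN to confirm that only the intended administrators match.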
To disable Internal authentication
- In the Remedy SSO Admin Console, select General > Admin Authentication.
- From the Authentication Type list, select INTERNAL, and then click
.
- Click Save.