This documentation supports the 20.08 version of Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).To view an earlier version, select the version from the Product version menu.

Managing local users


For any realm with Local authentication type, you can create users stored locally on the Remedy Single Sign-On server. Local users can access applications belonging to their realm. You can also add local groups, and then add users to these groups. Groups represent roles in your organization and can be used to control access to applications for which the single sign-on experience is enabled. 


Related topic

Configuring-Local-authentication

Password-change-mechanisms

Creating and managing local users in the Remedy SSO Admin Console

If you have a realm configured for Local authentication on the Remedy SSO, then you should perform the following tasks in the Remedy SSO Admin Console:

  1. Create local users for a realm.
  2. (Optional) Create groups needed by your organization, and then add users to the appropriate groups.

Before you begin

Configure a realm for Local authentication.

To add a local user

  1. Log in to the Remedy SSO Admin Console.
  2. Click Local User > Users.

  3. From the Realm list, select a realm.

    Important

    To authenticate a user in all realms available on your Remedy SSO server, add it to the default _empty_ realm. This is a technical realm, and it is not shown on the Realms page.

    Users added to the _empty_ realm can access applications from any realm available on the Remedy SSO server.

  4. Click Add User, and complete the following fields:

    Field

    Description

    Login Name

    Enter the user's login name. The Login name is case insensitive.

    Note: You cannot modify the login name after it is created.

    User Name

    Enter the user's full name.

    Password

    Enter the user's password. The password length must be minimum 8 characters. There are no requirements for password complexity. Do not use space as the first or the last character of the password. Spaces are allowed between the first and the last character.

    Confirm Password

    Reenter the user's password.

    Description (Optional)

    Provide a description of the user.

    Enabled (Optional)

    Select this option to enable or disable a user in the BMC application. If you disable a user who is currently logged into a BMC application, ensure that you invalidate the old sessions or OAuth2 tokens (if any) of the user. For more information, see Invalidating-and-configuring-end-user-sessions.

  5. Click Add.

To change a local user's password

  1. Log in to the Remedy SSO Admin Console.
  2. Click Local User > Users.
  3. From the Realm list, select a realm.
  4. Locate the user, and click Change Password in the Action column.
  5. Enter the new password, then enter the password again in the Confirm Password field.
  6. Click Change Password.
  7. Invalidate the old user sessions and OAuth2 tokens (if any).

To search for a local user

  1. Log in to the Remedy SSO Admin Console.
  2. Click Local User > Users.
  3. In the Users tab search field enter the search criteria using the following format and then press Enter.
    text=<searchText/*> AND enabled=<true/false/*>

The following table describes how to use the search criteria:

Search criteria

Description

text=<searchText/*>

Use text= to enter a string to search for the value of one of the following fields:

  • User Name
  • Login Name
  • Description

You can pass a partial search value enclosed in % for text to search for all users having the partial search value in one of the User Name, Login Name, or Description fields.

You can use an asterisk as a wildcard to return all users.

Examples:

  • text=BMC returns users with the exact value of "BMC" in one of the 3 fields.
  • text=%BMC% returns users with "BMC" as a partial value, such as "BMCadmin" as User Name.
  • text=* AND enabled=true returns all enabled users.
enabled=<true/false/*>

Use enabled= to enter a string to search on users' enabled state.

You can use an asterisk as a wildcard to return users in any enabled state.

Examples:

  • enabled=false returns disabled users.
  • text=* AND enabled=* returns all users (enabled and disabled).
  • text=BMC AND enabled=true returns all enabled users with the exact value of "BMC" in one of the 3 fields.

To add group (roles) to a realm

  1. Log in to the Remedy SSO Admin Console.
  2. Click the Local User > Group (Roles).
  3. From the Realm list, select a realm.

  4. Click Add Group (Role), and complete the following fields:

    Field

    Description

    Group (Role) Name

    Enter the group (role) name.

    Note:

    You cannot modify the group (role) name after it is created.

    Description

    Enter a description for the group (role) name.

  5. Click Save in the Action column.

To add users to or remove users from a role

  1. Log in to the Remedy SSO Admin Console.
  2. Click the Local User >Group (Roles).
  3. From the Realm list, select a realm.
  4. Locate the group (role) and click Assign/Remove User(s) in the Action column.
  5. Use the appropriate procedure to assign or remove users to or from the group (role).
    • To assign users to a group (role)
      • In the Available Users column, select one or more users and click Assign to move the users to the Assigned users column.
      • To assign all users in the list, select he top check box in the Available users column, and click Assign to move the users to the Assigned users column.
      • Search for users in the Search field of the Available users column, select them, and click Assign to move them to the Assigned users column.
    • To remove users from a group (role)
      • In the Assigned User column, select one or more users and click Remove to move the users to the Available users column.
      • To remove all users in the list, select the top check box in the Assigned users column, and click Remove move the users to the Available users column.
      • Search for users in the Search field of the Assigned users column, select them, and click Remove to move them to the Available users column.
  6. Click Done.