Facilitating application access to users having different email domains


Important

The features and enhancements in this topic are under controlled availability to select customers.

Allow users with different email domains and authentication mechanisms to access the same application URL by enabling multiple service providers (MSP), a feature based on the BMC Helix Single Sign-On (SSO) authentication system.

MSP incorporates a robust authentication mechanism, ensuring exclusive and secure access to the application.

Related topic

Configuring realm identification for multiple service providers in BMC Helix Single Sign-On documentation

To enable the MSP feature in your environment, you must have a dedicated tenant on BMC Helix Single Sign-On version 23.x or later. For the smooth operation of MSP, you must share the information about configuring authorization patterns in your environment.

For information about logging and troubleshooting, contact BMC support.


Scenario: Enabling BMC Helix SSO based MSP at Apex Global

To resolve employees' IT access-related queries, Apex Global maintains an IT helpdesk. Employees from different departments, such as R&D, HR, and finance, access the IT helpdesk to resolve their IT access and operation-related queries.

Seth, the administrator at Apex Global, has enabled MSP in their environment.

This feature gives users from different departments exclusive and secure access to the IT helpdesk because they can access it with their exclusive email IDs and are authenticated with a specific authentication mechanism; for example, Mary@hr.apexglobal.com, Ajay@fin.apexglobal.com.



Benefits of enabling MSP

Enabling MSP in your environment provides the following benefits:

  • Optimize access with an exclusive URL for the same application.
  • Secure access to an application through a robust authentication mechanism.


Workflow to enable MSP in your environment

The following table describes a simple workflow to enable MSP in your environment:

| Task | Action | Reference in BMC Helix Single Sign-On documentation |
|------|--------|------------------------------------------------------|
| 1 | Make sure that you have a dedicated tenant on BMC Helix Single Sign-On version 23.x or later | |
| 2 | Share your requirements about configuring authorization patterns with BMC Software | |
| 3 | Configure custom headers for the OAuth 2.0 client | |


Example

Consider this scenario at Apex Global. Mary, an HR executive, accesses the IT helpdesk to raise a change request to replace her headset.

  1. Mary logs in to the IT helpdesk application with her email ID, Mary@hr.apexglobal.com. The following login screen asking for user authorization is displayed:
    Here, Mary enters the user name for authorization.

    23_01_11_FirstScreen.png

  2. After the authorization is successful, she is redirected to the following IT helpdesk application login screen asking for the application login credentials for authentication:

    23_01_11_SecondScreen.png

  3. Mary logs in to the application. The following screenshot shows the access to the application:

    23_01_11_AppAccess.png
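
The scenario above selects an authentication mechanism from the domain of the email ID that the user enters. The following Python sketch is an added example, not BMC Helix SSO code or its authorization-pattern syntax; it contrasts a loose domain lookup with one that matches the domain exactly and fails closed. The realm names, the mapping, and the function names are assumptions made for the Apex Global scenario.

```python
import re
from typing import Optional

# Constructed mapping for the Apex Global scenario; realm names are hypothetical.
DOMAIN_TO_REALM = {
    "hr.apexglobal.com": "hr-realm",
    "fin.apexglobal.com": "fin-realm",
}

# Exactly one "@", a non-empty local part, dot-separated ASCII labels, no trailing dot.
_LOGIN_RE = re.compile(
    r"[^@\s]+@((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})"
)


def resolve_realm_loose(login_id: str) -> Optional[str]:
    """Weak variant: substring match, so a lookalike domain selects a realm."""
    for domain, realm in DOMAIN_TO_REALM.items():
        if domain in login_id.lower():
            return realm
    return None


def resolve_realm(login_id: str) -> Optional[str]:
    """Strict variant: exact domain match, fail closed (None) on anything else."""
    candidate = login_id.strip().lower()
    if len(candidate) > 254:
        return None
    match = _LOGIN_RE.fullmatch(candidate)
    if match is None:
        return None
    return DOMAIN_TO_REALM.get(match.group(1))


if __name__ == "__main__":
    # Constructed login IDs: two valid users, then inputs that must not route.
    for login in (
        "Mary@hr.apexglobal.com",
        "Ajay@fin.apexglobal.com",
        "mary@hr.apexglobal.com.other.example",
        "mary@other.example@hr.apexglobal.com",
        "mary@apexglobal.com",
    ):
        print(f"{login!r:45} loose={resolve_realm_loose(login)} strict={resolve_realm(login)}")
```

The strict lookup only decides which login screen is offered; the selected identity provider must still authenticate the user and assert the same email domain.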



 
