BMC Helix SSO : How can I integrate BMC Helix SSO with the Azure AD (SAML)

Knowledge Article

BMC Helix SSO : How can I integrate BMC Helix SSO with the Azure AD (SAML)
Integrating BMC Helix SSO with the Azure AD (SAML)
BMC Helix ITSM
BMC Atrium Core - CMDB
BMC Helix SSO
BMC Helix ITSM
BMC Atrium Core - CMDB
BMC Helix SSO

How can I integrate BMC Helix SSO with the Azure AD (SAML)?
1. Access Azure Console:
  • Log in to the Azure portal using your credentials.
  • Navigate to the Azure Active Directory service.
2. Create an Application for each BMC Helix environment ( DEV, QA, & PROD)
  • Go to the "App registrations" section in Azure Active Directory.
  • Click on "New Registration" to create a new application.
  • Provide a name for the application (e.g., BMC Helix).
  • Choose the appropriate supported account types (e.g., single tenant or multi-tenant).
  • Specify the sign-on URL (s) required for SAML authentication, which is the one BMC provided for each environment.
  • Click on the "Register" button.
  • Note down the Application (client) ID and Tenant ID, which you'll need later.
image.png
3. Add Users to the New Application ( one for each environment) :
  • Navigate to the "Users and groups" section in Azure Active Directory.
  • Click on "Add user/group" to add users to the application.
  • Select the appropriate users or groups from your Azure AD directory.
  • Assign the necessary roles or permissions to these users for accessing the BMC Helix application
4. Select the BMC Helix Application:
  • Find and select the application you created for BMC Helix.
5. Edit the SAML Configuration:
  • In the application settings, go to the "Single sign-on" tab.
  • Choose the appropriate SAML-based SSO option (e.g., SAML or SAML2.0).
  • Scroll down to the "Basic SAML Configuration" section.
  • Here, you will find fields for "Identifier (Entity ID)" and "Reply URL (Assertion Consumer Service URL)."
image.png
6. Edit the Identifier (Entity ID):
  • Click on the "Edit" button next to the "Identifier (Entity ID)" field.
  • Enter the Entity ID provided by BMC Helix in the text field.
  • Click on "Save" to save the changes.
7. Edit the Reply URL (Assertion Consumer Service URL):
  • Click on the "Edit" button next to the "Reply URL (Assertion Consumer Service URL)" field.
  • Enter the Reply URL provided by BMC Helix in the text field.
  • Click on "Save" to save the changes.
8. Save the Configuration:
  • After editing both the Entity ID and Reply URL, scroll up and click on the "Save" button to save the changes to the SAML configuration.
9. Verify and Test:
  • After saving the changes, verify that the settings are correct.
10. Export Metadata:
  • Scroll down to the "SAML Signing Certificate" section.
  • You should see an option to download the metadata file.
  • Look for a link or button labelled "Download metadata" or "Export metadata."
  • Click on this link or button to download the metadata file to your local device.
  • Go to this  documentation
11. Configure SAML authentication in the BMC Helix SSO Admin Console:
  • Take a moment to watch this instructional video configure SAML in the BMC Helix SSO Admin Console and then follow the instructions. This step must be completed in every BMC Helix environment as well.
  • Test the SAML-based authentication to ensure users can successfully authenticate with the BMC Helix Application using their Azure AD credentials.
 
For additional information on the BMC Helix SSO configuration, please refer to the link
BMC Helix ITSM
BMC Atrium Core - CMDB
BMC Helix SSO
Attachment(s):