How to configure single-sign on for BMC Remedyforce
ADSelfService Plus supports Active Directory (AD)-based single sign-on (SSO) for BMC Remedyforce and many other SAML-enabled applications. When SSO is enabled for BMC Remedyforce, users only have to login once into ADSelfService Plus - the identity provider. After logging in, users can securely access their BMC Remedyforce account without having to enter their username and password again.
ADSelfService Plus supports both Identity Provider (IdP) and Service Provider (SP)-initiated SSO for BMC Remedyforce.
IdP-initiated SSO for BMC Remedyforce: Users need to log in to the ADSelfService Plus self-service portal first, and then click on the BMC Remedyforce icon on the Applications dashboard to access BMC Remedyforce.
SP-initiated SSO for BMC Remedyforce: When users access BMC Remedyforce via a URL or bookmark, they are routed to the login page of ADSelfService Plus. After they log in, they will be redirected and logged into BMC Remedyforce automatically.
Follow the step-by-step guide given below to configure SSO for BMC Remedyforce
Before you begin
Download and install ADSelfService Plus if you haven’t already.
Configuring your Active Directory domain in ADSelfService Plus
ADSelfService Plus utilises the existing AD domain credentials for authenticating users during SSO. This makes the configuration of AD domains in ADSelfService Plus necessary before enabling SSO for BMC Remedyforce.
By default, ADSelfService Plus will try to add all the domains that it can discover in the network. If the required domains are automatically added, skip to step 9; otherwise, follow the steps below and add the domains manually.
- Log in to ADSelfService Plus web console using admin credentials.
- Click the Domain Settings link located on the top-right corner of the page.
- An Add Domain Details window will appear.
- In the Domain Name field, enter the name of the domain you want to add.
- In the Add Domain Controllers field, click Discover. ADSelfService Plus will try to automatically discover the domain controllers associated with the specified domain.
- If the domain controllers are not auto-discovered automatically, enter the domain controller name in the field provided, and click Add.
- You can leave the authentication fields empty if you're not going to use the end user self-service features of ADSelfService Plus.
- In Add Domain Details window, click Add.
Getting the SSO/SAML Details from ADSelfService Plus
- Navigate to Configuration → Self-Service → Password Sync/Single Sign On.
- In the dashboard which displays the list of applications supported by ADSelfService Plus, click BMC Remedyforce.
- Click Download SSO Certificate located on the top-right corner of the page.
- In the pop-up that appears, copy the Login URL and click Download Metadata file to download the metadata file.
Configuring SSO Settings in BMC Remedyforce
- Log in to BMC Remedyforce web console with admin credentials.
- Navigate to Setup → Security Controls → Single sign-on settings.
- Click Edit.
- Select the SAML Enabled checkbox and click Save.
- Select New.
- Enter a descriptive Name for the SSO configuration.
- In the Identity Provider Certificate field, click Choose File to upload the downloaded metadata file from step 12.
- The Entity id will be automatically populated. If not, enter https://saml.remedyforce.com in the Entity id field.
- Click Save.
- Copy the Salesforce Login URL from the Endpoints section.
- To add SSO Login to your BMC Remedyforce login page, follow the steps below:
- Go to Setup → Domain Management → Domain and then select your domain.
- In the Login Page Settings pop-up, select Edit.
- In the Authentication Service field, select the ADSelfService Plus checkbox and click Save.
Adding your BMC Remedyforce domain in ADSelfService Plus and enabling SSO
- Now, switch to ADSelfService Plus’ BMC Remedyforce configuration page.
- In the Domain Name field, enter the domain name of your email address. For example, if you use email@example.com to log in to BMC Remedyforce, then bmcremedyforce.com is the domain name.
- Enter an appropriate Display Name.
- In the SAML Redirect URL field, enter the Salesforce Login URL from step 22.
- In the Available Policies field, click on the drop-down box and select the policies for which you wish to enable single sign-on.
- Click Save.
That’s it! Now users can log into their Evernote account automatically using single sign-on.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.