Q&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific

Similar documents
BMC Software Webinars 2013 Atrium Single Sign On (Atrium SSO)

SSO Plugin. Release notes. J System Solutions. Version 3.6

Perceptive Experience Single Sign-On Solutions

Using Shibboleth for Single Sign- On

Agenda. How to configure

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

SSO Plugin. Installation for BMC AR System and WUT. J System Solutions. Version 3.4

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

SSO Plugin. Installation for BMC AR System. J System Solutions. Version 4.0

Single Sign On. Configuration Checklist for Single Sign On CHAPTER

EMC VoyenceControl Integration Module. BMC Atrium Configuration Management Data Base (CMDB) Guide. version P/N REV A01

Getting Started with AD/LDAP SSO

Flexible Identity Federation

SAML-Based SSO Solution

Web Applications Access Control Single Sign On

WebNow Single Sign-On Solutions

Ensure that your environment meets the requirements. Provision the OpenAM server in Active Directory, then generate keytab files.

White Paper March 1, Integrating AR System with Single Sign-On (SSO) authentication systems

Monitoring Remedy with BMC Solutions

Egnyte Single Sign-On (SSO) Installation for OneLogin

User Management Tool 1.5

BMC Remedy Integration Guide

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

SSO Plugin. J System Solutions. Upgrading SSO Plugin 3x to 4x - BMC AR System & Mid Tier.

How To Use Saml 2.0 Single Sign On With Qualysguard

CA Performance Center

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Building Secure Applications. James Tedrick

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

SchoolBooking SSO Integration Guide

Implementation of ITIL Service Desk Improves Operational Efficiency and Customer Service for Australian Telco

Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies

Configuration Worksheets for Oracle WebCenter Ensemble 10.3

How To Use Salesforce Identity Features

Authentication Methods

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

SAML SSO Configuration

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Egnyte Single Sign-On (SSO) Installation for Okta

SSO Plugin. Integration for Jasper Server. J System Solutions. Version 3.6

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Secure the Web: OpenSSO

TG Web. Technical FAQ

NetSupport DNA Configuration of Microsoft SQL Server Express

Copyright

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

CA SiteMinder SSO Agents for ERP Systems

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

Single Sign On. Configuration Checklist for Single Sign On CHAPTER

Vyom SSO-Edge: Single Sign-On Solution for BMC Remedy

SSO Plugin. Case study: Integrating with Ping Federate. J System Solutions. Version 4.0

TIB 2.0 Administration Functions Overview

Getting Started with Clearlogin A Guide for Administrators V1.01

SAML-Based SSO Solution

Federated AAA middleware and the QUT SSO environment

AVG Business SSO Connecting to Active Directory

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

The increasing popularity of mobile devices is rapidly changing how and where we

Enterprise Knowledge Platform

CA SiteMinder. Implementation Guide. r12.0 SP2

The Top 5 Federated Single Sign-On Scenarios

Contents. BMC Atrium Core Compatibility Matrix

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

INSTALLATION GUIDE VERSION

Configuring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite. Abstract

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Leveraging SAML for Federated Single Sign-on:

Integrating EJBCA and OpenSSO

TIBCO Spotfire Platform IT Brief

Configuring EPM System for SAML2-based Federation Services SSO

Accops HyWorks v2.5. Quick Start Guide. Last Update: 4/18/2016

VMware Identity Manager Administration

Single Sign-on to Salesforce.com with CA Federation Manager

CA Nimsoft Service Desk

Server Software Installation Guide

Active Directory Integration. Documentation. v1.02. making your facilities work for you!

Adobe Connect LMS Integration for Blackboard Learn 9

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Copyright

Vyom SSO-Edge: Single Sign-On for BMC Remedy

Single Sign On. SSO & ID Management for Web and Mobile Applications

OVERVIEW. DIGIPASS Authentication for Office 365

Copyright: WhosOnLocation Limited

Office 365 deployment checklists

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Transcription:

Q: Is the challenge required or can pass through authentication be used with regard to automatic login after you login to your corporate domain? A: You can configure the system to pass on the challenge see the Kerberos configuration part of the presentation. Q: Can this leverage an existing enterprise SSO system so that an established session (e.g. against Windows) can be used for logging in to BMC applications (no Atrium SSO login screen but an enterprise login). A: Yes, this topic will be covered in the session. There is a discussion of this in detail when you see the discussion of SAML integration. Essentially, you link Atrium SSO to your Enterprise SSO solution using SAML and Atrium SSO will use your Enterprise SSO solution as the authenticator and will become just another user. A big benefit of Atrium SSO is that BMC products are coming out of the box integrated with it so with one tie to your Enterprise SSO solution from Atrium SSO, you will be tying all BMC products that are linked to Atrium SSO to your Enterprise SSO solution in one step without needing to do multiple integrations. Q: When will a newer version of Tomcat be supported? e.g. V7? A: We follow 'or higher' policy for vendor products. Current min version is Tomcat 6.0. So any future version is automatically supported. However, we recommend using embedded Tomcat which is V6 for the moment. Q: Is there a way to validate the password when using SSO similar to Application Confirm Password. I have a customer that wants to force users to re enter their user ID and password when approving a Change. Password is not accepted when using SSO. A: Not yet. This password validation feature for AR with Atrium SSO is worked on by BMC at this moment. Q: What about IIS > Tomcat? Is that still as seamless? A: Assuming that you are you implying a proxy model in front of SSO, yes, that should be fine still. Q: Is there a way to validate the password when using SSO similar to Application Confirm Password. I have a customer that wants to force users to re enter their user ID and password when approving a Change. Password is not accepted when using SSO. A: Not yet. This password validation feature for AR with Atrium SSO is worked on by BMC at this moment. Q: Does SSO support Chrome? I saw IE and Firefox, but not Chrome A: Chrome is not certified, but should work. Get the latest version of Chrome (24.0.xx and later) I had issues with earlier version until I updated Chrome on my machine. Q: the machine name must be the AD user name? Can this be another one? A: We have seen good integration when machine name is used, however, you can use any service account and it should work. Q: key tab file is created in AD server A: Yes Q: If I unplug the SSO server... Will users be prompted to enter password and authenticate as if there were no SSO? A: No. If you have one SSO server, the users will not be able to authenticate. If you have set up 2 or more SSO servers in a cluster with a Load Balancer, the SSO servers' data is replicated. So the users will not be affected if 1 SSO server is unplugged. If an SSO server goes down, the Load Balancer will redirect the traffic to the other available SSO servers (Fail Over, High Availability).

Q: my AR system having SSO server, whether the same will work for Atrium? If yes, whether we need to modify the setting on SSO server. A: What do you mean by Atrium? There are a dozen products in the Atrium umbrella. If you mean Atrium CMDB, the Atrium CMDB is an AR System application so if AR is tied into SSO, so is the CMDB. If you mean Atrium Dashboards that is integrated and you have to configure Dashboards, but you will be tied in. If something else, you need to check the slide that was given earlier in the presentation to see if the product you are interested in is integrated with Atrium SSO. Q: How are the permissions (all permissions including ITSM) handled in Atrium SSO? A: AR groups and permissions are still controlled by the AR server. Atrium SSO is for authentication, not those authorization (access to features, etc.) decisions. Those remain with the application. Q: I notice you are using v8.1. When will this be GA? A: Good observation. 8.1 is our current release in development and is expected to be released this qtr. <Addendum: as of 2/21/13, it is released) Q: Will AtriumSSO 8.x integrate with AR System 7.6.04 SPx? A: Yes. However please note this will limit SSO features to Atrium SSO v7.6.04 version. Atrium SSO 8.0 features will not be available in this mixed mode. Q: How SSO will handle multiple domains? What are the user names in Remedy then? A: SSO will handle multiple domains using SAML. Each domain has its own SAML IDP to validate the user and must be in a separate realm. SSO also support chaining of multiple authentication modules. Q: do you name configuration files.txt and not.conf/.cfg? A: Once you finished the integration these files are never used by the system. Conf/cfg files are usually something you keep changing as system is being used. Q: Will AtriumSSO 8.x integrate with AR System 7.6.04 SPx? A: Yes, Atrium SSO is supported with AR System environments from 7.6.04 and later as was shown in the compatibility slide earlier in the presentation. However, please note this will limit SSO features to Atrium SSO v7.6.04 version. Atrium SSO 8.0 features will not be available in this mixed mode. AR upgrade to 8.0 is particularly recommended to take benefit of SAML and Kerberos feature of Atrium SSO v8. Q: I installed AR8.0 +CMDB8.0 + ITSM8.0, and during the installation, I checked the box to configure SSO later. Does this mean that I have to install SSO, and how can I check if it is there? A: If you have not set up an SSO server then that would be your next step. Q: After integrating with SSO do we need to use the mid tier link for login or some different link of SSO? A: There is no URL change for the end user. Just use the Mid Tier URL, and if you need to login, the SSO server will take you to the login page.

Q: If I am using third party SSO for authentication purposes, do I still need Atrium SSO? A: In order to use your SSO solution, you need to integrate with it. You will need to integrate with it for every product from BMC that you want tied to that enterprise solution. And, some of the BMC products do not have the ability to perform that integration. Atrium SSO on the other hand is already integrated with a variety of BMC products and more will be added. Atrium SSO can integrate with your third party SSO solution. So, there is still significant value in putting in Atrium SSO. Pre integrated to a variety of BMC products ONE integration between Atrium SSO and your third party SSO solution and you are done with ALL BMC products that are tied into Atrium SSO. So, it is much easier to integrate with your third party SSO solution and wide support across multiple products for that one integration. Pretty big leverage. Q: Is there any kind of reporting associated w/this to track user activity. We are trying to determine who is not using our system and possibly free their licenses. A: No, there is no such reporting in the product. Atrium SSO generates logs, but these logs are designed for technical purposes. Q: Is BMC Atrium SSO require separate license in case we already having AR 7.6.04, Atrium CMDB 7.6.04, BMC Analytics & Dashboards? A: Atrium SSO is not a licensed product. If you have any BMC product that has integration with it, you can download it, install it, and use it without additional licensing or charge. Q: If I have multiple Companies in the same ARS, but I need to install the Atrium SSO for a particular Company. Is it possible? A: Yes, it is possible and not very difficult, but it does have to be configured correctly. It requires Multiple mid tiers the mid tiers cannot be shared between companies andthey need to be configured to go through an Atrium SSO or not for each company. Q: Does Atrium SSO work with ADDM? A: This is on the roadmap for later versions of ADDM. Q: Has BMC tested this on Red Hat Enterprise? A: Atrium SSO is supported on Red Hat Enterprise Linux 5 or higher Q: How many customers has actual implemented AtriumSSO with Kerberos authentication? A: Kerberos support was added in the 8.0 release of SSO. Many customers are in process of installing and upgrading to 8.0. This capability was in Beta for long time and in fact it also went through our Select Market Availability program. So it is difficult to give a specific number, but Atrium SSO with 8.0 is being used at multiple customer locations Q: Question: Can we use this Atrium SSO version on ARS/ITSM 7.6.04? A: Yes. However please note this will limit SSO features to Atrium SSO v7.6.04 version. Atrium SSO 8.0 features will not be available in this mixed mode. AR upgrade to 8.1 is recommended to take benefit of SAML, Kerberos, new simplified admin UI of Atrium SSO v8.1

Q: Actually I have a customer considering to develop SSO plugin following what inside SSO whitepaper for Remedy. Is it possible use Atrium SSO for customized ARS 7.6.04 applications instead of implementing these plugins? A: You can use Atrium SSO with AR custom applications since the configuration is done at the AR server layer to invoke Atrium SSO. Q: Is there a newer version of the white paper "Integrating BMC Remedy Action Request System with Single Sign On (SSO) Authentication Systems and Other Client Side Login Intercept Technologies"? That paper is from 7.0 A: that whitepaper describes AR Servers native capabilities to integrate with SSO system. Those capabilities will still remain but require custom programming in most case. Atrium SSO is evolution of our SSO strategy overall and even beyond just AR/ITSM. So for all future SSO needs we will rely on Atrium SSO. That whitepaper itself works with multiple AR versions. Q: Is there any plans to bring in SSO with BMC Chat 8.0? A: BMC Chat 8.0 is a product now named BMC Virtual Agent. It is a virtual agent, chat, knowledge delivery,... system. The majority of the product is an AR System application. There is one front end window that is not. However, the recommended approach to running this product is to configure that the user goes to a midtier page which does an AR System login and then the Virtual Agent product picks up that login and uses it for its interaction. So, with this configuration, the login to BMC Virtual Agent (BMC Chat 8.0) is an AR System login and AR System supports Atrium SSO so BMC Virtual Agent supports Atrium SSO. Q: Is there a user aliasing function, e.g. when I have different usernames in ar system and active directory? A: We are releasing a hot fix on 7604 SP4 version of MT to support this functionality. Q: In certain situation, where we need to login specifically, then will Atrium SSO stop that or will the login be requested A: If you are configured to use SSO, the system will be linked to your SSO environment and login that way. It sounds like you want sometimes to NOT do an SSO login and require a direct login to the solution? Q: When using with ARS 7.6.04 SSO will still work like if a user logs into his machine he won t be presented the login screen for Remedy? A: This questions refers to Kerberos feature of Atrium SSO v8.0. To take benefit of Kerberos, you need ARS and SSO both to be at least at version 8.0. Q: So for Dev. Studio we can use ldap authentication right, for example with my id skoka from midtier SSO will take care of me logging into the application, when I try to log into Dev. Studio with user ID skoka A: Dev Studio does not support SSO authentication at this point. Q: Does this work with other products viz. Finance Mgmt. /Demand / ITBM A: ITBM 7604 and up is supported Q: Does SSO also support single signon logging into a windows domain? AR server 7.6.4 A: You need AR 8.0 and up and SSO 8.0 and up to support Kerneros authentication. Q: Why is the architecture of the product a cluster and not single server? A: You can install as a single server and you can install a cluster of servers. The later provides high availability, fail over, and better scalability.

Q: can we integrate SSo with 7.5 AR System A: No, the minimum version of AR System is 7.6.04 for integration with Atrium SSO. Q: AR server does support alias login when using LDAP authentication. Same with SSO? A: AR aliases when using AREA LDAP. When integrated with Atrium SSO it defers it to Atrium SSO. So, RDS authentication (non web, essentially) will still authenticate directly to the AR server. Q: Any chance we could get a demo version of sso8.1 to use with the 8x environment we are working on building? A: 8.1.00 is now GA (2/21/2013)