Q: Is the challenge required or can pass through authentication be used with regard to automatic login after you login to your corporate domain? A: You can configure the system to pass on the challenge see the Kerberos configuration part of the presentation. Q: Can this leverage an existing enterprise SSO system so that an established session (e.g. against Windows) can be used for logging in to BMC applications (no Atrium SSO login screen but an enterprise login). A: Yes, this topic will be covered in the session. There is a discussion of this in detail when you see the discussion of SAML integration. Essentially, you link Atrium SSO to your Enterprise SSO solution using SAML and Atrium SSO will use your Enterprise SSO solution as the authenticator and will become just another user. A big benefit of Atrium SSO is that BMC products are coming out of the box integrated with it so with one tie to your Enterprise SSO solution from Atrium SSO, you will be tying all BMC products that are linked to Atrium SSO to your Enterprise SSO solution in one step without needing to do multiple integrations. Q: When will a newer version of Tomcat be supported? e.g. V7? A: We follow 'or higher' policy for vendor products. Current min version is Tomcat 6.0. So any future version is automatically supported. However, we recommend using embedded Tomcat which is V6 for the moment. Q: Is there a way to validate the password when using SSO similar to Application Confirm Password. I have a customer that wants to force users to re enter their user ID and password when approving a Change. Password is not accepted when using SSO. A: Not yet. This password validation feature for AR with Atrium SSO is worked on by BMC at this moment. Q: What about IIS > Tomcat? Is that still as seamless? A: Assuming that you are you implying a proxy model in front of SSO, yes, that should be fine still. Q: Is there a way to validate the password when using SSO similar to Application Confirm Password. I have a customer that wants to force users to re enter their user ID and password when approving a Change. Password is not accepted when using SSO. A: Not yet. This password validation feature for AR with Atrium SSO is worked on by BMC at this moment. Q: Does SSO support Chrome? I saw IE and Firefox, but not Chrome A: Chrome is not certified, but should work. Get the latest version of Chrome (24.0.xx and later) I had issues with earlier version until I updated Chrome on my machine. Q: the machine name must be the AD user name? Can this be another one? A: We have seen good integration when machine name is used, however, you can use any service account and it should work. Q: key tab file is created in AD server A: Yes Q: If I unplug the SSO server... Will users be prompted to enter password and authenticate as if there were no SSO? A: No. If you have one SSO server, the users will not be able to authenticate. If you have set up 2 or more SSO servers in a cluster with a Load Balancer, the SSO servers' data is replicated. So the users will not be affected if 1 SSO server is unplugged. If an SSO server goes down, the Load Balancer will redirect the traffic to the other available SSO servers (Fail Over, High Availability).
Q: my AR system having SSO server, whether the same will work for Atrium? If yes, whether we need to modify the setting on SSO server. A: What do you mean by Atrium? There are a dozen products in the Atrium umbrella. If you mean Atrium CMDB, the Atrium CMDB is an AR System application so if AR is tied into SSO, so is the CMDB. If you mean Atrium Dashboards that is integrated and you have to configure Dashboards, but you will be tied in. If something else, you need to check the slide that was given earlier in the presentation to see if the product you are interested in is integrated with Atrium SSO. Q: How are the permissions (all permissions including ITSM) handled in Atrium SSO? A: AR groups and permissions are still controlled by the AR server. Atrium SSO is for authentication, not those authorization (access to features, etc.) decisions. Those remain with the application. Q: I notice you are using v8.1. When will this be GA? A: Good observation. 8.1 is our current release in development and is expected to be released this qtr. <Addendum: as of 2/21/13, it is released) Q: Will AtriumSSO 8.x integrate with AR System 7.6.04 SPx? A: Yes. However please note this will limit SSO features to Atrium SSO v7.6.04 version. Atrium SSO 8.0 features will not be available in this mixed mode. Q: How SSO will handle multiple domains? What are the user names in Remedy then? A: SSO will handle multiple domains using SAML. Each domain has its own SAML IDP to validate the user and must be in a separate realm. SSO also support chaining of multiple authentication modules. Q: do you name configuration files.txt and not.conf/.cfg? A: Once you finished the integration these files are never used by the system. Conf/cfg files are usually something you keep changing as system is being used. Q: Will AtriumSSO 8.x integrate with AR System 7.6.04 SPx? A: Yes, Atrium SSO is supported with AR System environments from 7.6.04 and later as was shown in the compatibility slide earlier in the presentation. However, please note this will limit SSO features to Atrium SSO v7.6.04 version. Atrium SSO 8.0 features will not be available in this mixed mode. AR upgrade to 8.0 is particularly recommended to take benefit of SAML and Kerberos feature of Atrium SSO v8. Q: I installed AR8.0 +CMDB8.0 + ITSM8.0, and during the installation, I checked the box to configure SSO later. Does this mean that I have to install SSO, and how can I check if it is there? A: If you have not set up an SSO server then that would be your next step. Q: After integrating with SSO do we need to use the mid tier link for login or some different link of SSO? A: There is no URL change for the end user. Just use the Mid Tier URL, and if you need to login, the SSO server will take you to the login page.
Q: If I am using third party SSO for authentication purposes, do I still need Atrium SSO? A: In order to use your SSO solution, you need to integrate with it. You will need to integrate with it for every product from BMC that you want tied to that enterprise solution. And, some of the BMC products do not have the ability to perform that integration. Atrium SSO on the other hand is already integrated with a variety of BMC products and more will be added. Atrium SSO can integrate with your third party SSO solution. So, there is still significant value in putting in Atrium SSO. Pre integrated to a variety of BMC products ONE integration between Atrium SSO and your third party SSO solution and you are done with ALL BMC products that are tied into Atrium SSO. So, it is much easier to integrate with your third party SSO solution and wide support across multiple products for that one integration. Pretty big leverage. Q: Is there any kind of reporting associated w/this to track user activity. We are trying to determine who is not using our system and possibly free their licenses. A: No, there is no such reporting in the product. Atrium SSO generates logs, but these logs are designed for technical purposes. Q: Is BMC Atrium SSO require separate license in case we already having AR 7.6.04, Atrium CMDB 7.6.04, BMC Analytics & Dashboards? A: Atrium SSO is not a licensed product. If you have any BMC product that has integration with it, you can download it, install it, and use it without additional licensing or charge. Q: If I have multiple Companies in the same ARS, but I need to install the Atrium SSO for a particular Company. Is it possible? A: Yes, it is possible and not very difficult, but it does have to be configured correctly. It requires Multiple mid tiers the mid tiers cannot be shared between companies andthey need to be configured to go through an Atrium SSO or not for each company. Q: Does Atrium SSO work with ADDM? A: This is on the roadmap for later versions of ADDM. Q: Has BMC tested this on Red Hat Enterprise? A: Atrium SSO is supported on Red Hat Enterprise Linux 5 or higher Q: How many customers has actual implemented AtriumSSO with Kerberos authentication? A: Kerberos support was added in the 8.0 release of SSO. Many customers are in process of installing and upgrading to 8.0. This capability was in Beta for long time and in fact it also went through our Select Market Availability program. So it is difficult to give a specific number, but Atrium SSO with 8.0 is being used at multiple customer locations Q: Question: Can we use this Atrium SSO version on ARS/ITSM 7.6.04? A: Yes. However please note this will limit SSO features to Atrium SSO v7.6.04 version. Atrium SSO 8.0 features will not be available in this mixed mode. AR upgrade to 8.1 is recommended to take benefit of SAML, Kerberos, new simplified admin UI of Atrium SSO v8.1
Q: Actually I have a customer considering to develop SSO plugin following what inside SSO whitepaper for Remedy. Is it possible use Atrium SSO for customized ARS 7.6.04 applications instead of implementing these plugins? A: You can use Atrium SSO with AR custom applications since the configuration is done at the AR server layer to invoke Atrium SSO. Q: Is there a newer version of the white paper "Integrating BMC Remedy Action Request System with Single Sign On (SSO) Authentication Systems and Other Client Side Login Intercept Technologies"? That paper is from 7.0 A: that whitepaper describes AR Servers native capabilities to integrate with SSO system. Those capabilities will still remain but require custom programming in most case. Atrium SSO is evolution of our SSO strategy overall and even beyond just AR/ITSM. So for all future SSO needs we will rely on Atrium SSO. That whitepaper itself works with multiple AR versions. Q: Is there any plans to bring in SSO with BMC Chat 8.0? A: BMC Chat 8.0 is a product now named BMC Virtual Agent. It is a virtual agent, chat, knowledge delivery,... system. The majority of the product is an AR System application. There is one front end window that is not. However, the recommended approach to running this product is to configure that the user goes to a midtier page which does an AR System login and then the Virtual Agent product picks up that login and uses it for its interaction. So, with this configuration, the login to BMC Virtual Agent (BMC Chat 8.0) is an AR System login and AR System supports Atrium SSO so BMC Virtual Agent supports Atrium SSO. Q: Is there a user aliasing function, e.g. when I have different usernames in ar system and active directory? A: We are releasing a hot fix on 7604 SP4 version of MT to support this functionality. Q: In certain situation, where we need to login specifically, then will Atrium SSO stop that or will the login be requested A: If you are configured to use SSO, the system will be linked to your SSO environment and login that way. It sounds like you want sometimes to NOT do an SSO login and require a direct login to the solution? Q: When using with ARS 7.6.04 SSO will still work like if a user logs into his machine he won t be presented the login screen for Remedy? A: This questions refers to Kerberos feature of Atrium SSO v8.0. To take benefit of Kerberos, you need ARS and SSO both to be at least at version 8.0. Q: So for Dev. Studio we can use ldap authentication right, for example with my id skoka from midtier SSO will take care of me logging into the application, when I try to log into Dev. Studio with user ID skoka A: Dev Studio does not support SSO authentication at this point. Q: Does this work with other products viz. Finance Mgmt. /Demand / ITBM A: ITBM 7604 and up is supported Q: Does SSO also support single signon logging into a windows domain? AR server 7.6.4 A: You need AR 8.0 and up and SSO 8.0 and up to support Kerneros authentication. Q: Why is the architecture of the product a cluster and not single server? A: You can install as a single server and you can install a cluster of servers. The later provides high availability, fail over, and better scalability.
Q: can we integrate SSo with 7.5 AR System A: No, the minimum version of AR System is 7.6.04 for integration with Atrium SSO. Q: AR server does support alias login when using LDAP authentication. Same with SSO? A: AR aliases when using AREA LDAP. When integrated with Atrium SSO it defers it to Atrium SSO. So, RDS authentication (non web, essentially) will still authenticate directly to the AR server. Q: Any chance we could get a demo version of sso8.1 to use with the 8x environment we are working on building? A: 8.1.00 is now GA (2/21/2013)