BMC Helix ITSM prerequisites

Introduction

To use the BMC Helix ITSM connector with OAuth 2.0 authentication (2-legged or 3-legged), the BMC SaaS Operations team must have set up an OAuth 2.0 application and provided you with the values you will need for generating a refresh token and bearer token.

Note

These instructions require the use of a third-party tool such as Postman.

Obtain a custom API URL

To obtain a refresh token and bearer token, you must use an API Manager custom API URL. For information on configuring a custom API and obtaining its URL, see these resources:

Obtain tokens

The following steps describe how to obtain the refresh token and bearer token.

  1. Obtain these values from the BMC SaaS Operations team:

    • Callback URL
    • Auth URL
    • Access Token URL
    • Client ID
    • Client Secret

    Note

    Only a single refresh token can be obtained for a client ID, client secret, and access token URL set. To authenticate multiple connections with OAuth 2.0 authentication, you must obtain a unique client ID, client secret, and access token URL and repeat the following steps for each connection.

  2. In Postman, open a new request.

  3. Click the Authorization tab, and use the Type menu to select OAuth 2.0.

  4. In the Configure New Token section, configure these fields:

    | Field | Description |
    |---|---|
    | Token Name | Enter a name for the token. |
    | Grant Type | From the menu, select Authorization Code. |
    | Callback URL | Enter the custom API URL (provided by the BMC SaaS Operations team). |
    | Auth URL | Enter the BMC Helix auth URL (provided by the BMC SaaS Operations team) in this format: <Host URL>/rsso/oauth2/authorize. |
    | Access Token URL | Enter the BMC Helix access token URL (provided by the BMC SaaS Operations team) in this format: <Host URL>/rsso/oauth2/token. |
    | Client ID | Enter your client ID (provided by the BMC SaaS Operations team). |
    | Client Secret | Enter your client secret (provided by the BMC SaaS Operations team). |
    | Scope | Leave this field empty. |
    | State | Leave this field empty. |
    | Client Authentication | From the menu, select Send as Basic Auth header. |

  5. Click Get New Access Token.

  6. In the BMC Helix single sign-on login dialog, enter the credentials that BMC has provided.

  7. Retain the refresh_token, bearer_token, and expires_in values returned in the response. They are used during connection configuration (if authenticating with 2-legged OAuth) or app registration (if authenticating with 3-legged OAuth).

    Important

    Contact the BMC SaaS Operations team to extend the expiration time of the bearer token.
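
The two requests behind steps 4 through 7, as an added example (not code from this documentation or from BMC): the authorization URL, the token request with Send as Basic Auth header, and extraction of the values to retain. The host, client ID, client secret, and code are constructed; reading the bearer token from `access_token` and treating `expires_in` as seconds follow RFC 6749 and are assumptions about the response.

```python
import base64
from urllib.parse import urlencode

AUTHORIZE_PATH = "/rsso/oauth2/authorize"  # format given in step 4
TOKEN_PATH = "/rsso/oauth2/token"          # format given in step 4


def build_authorize_url(host_url, client_id, callback_url):
    """URL opened in step 5; Scope and State are left empty, as in step 4."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": callback_url})
    return f"{host_url.rstrip('/')}{AUTHORIZE_PATH}?{query}"


def build_token_request(host_url, client_id, client_secret, callback_url, code):
    """Authorization-code exchange with client credentials in a Basic header."""
    # Base64 is an encoding, not encryption: this header exposes the secret.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": f"{host_url.rstrip('/')}{TOKEN_PATH}",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code", "code": code,
                           "redirect_uri": callback_url}),
    }


def extract_tokens(response, issued_at):
    """Return the values step 7 says to retain; fail if any is missing."""
    missing = [k for k in ("access_token", "refresh_token", "expires_in")
               if k not in response]
    if missing:
        raise ValueError(f"token response lacks: {', '.join(missing)}")
    return {"bearer_token": response["access_token"],  # assumed field name
            "refresh_token": response["refresh_token"],
            "expires_at": issued_at + int(response["expires_in"])}


def redact(request):
    """Copy of the request that is safe to log or paste into a ticket."""
    safe = dict(request, headers=dict(request["headers"]))
    safe["headers"]["Authorization"] = "Basic <redacted>"
    return safe


if __name__ == "__main__":
    # Constructed values, not real credentials or hosts.
    req = build_token_request("https://helix.example.com", "demo-client",
                              "demo-secret", "https://api.example.com/cb", "abc123")
    print(redact(req))
```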

Configure 3-legged OAuth

This section covers the steps for authenticating the connection to use 3-legged OAuth 2.0 (3LO) authentication with a private application configured in the Management Console App Registrations page (requires private agent version 10.83 / 11.21 or later).

Private applications are applications that you configure for the BMC Helix ITSM instance and then register in the Management Console App Registrations page with these values provided by the BMC SaaS Operations team or obtained through the above steps:

  • Client ID and client secret
  • Authorization URL
  • Access token URL
  • Refresh token URL (see Obtain tokens)

For the Scope field in the app registration, enter online-refresh.

Instructions

These are the instructions for configuring the BMC Helix ITSM required advanced options for the app registration:

  1. In the Token policy tab, enable the Enable refresh token expiration setting and set the expiration period to the expires_in value obtained with the refresh token URL (described above). By default, the expires_in value is 60 days.

  2. In the Authentication request tab (under Parameters) enter these values:

    • Key: Enter response_type.
    • Value: Enter code.
    • Send in: Select Request URL.