here is some documentation for you,
MAS User and Identity Details: https://www.ibm.com/docs/en/mas85/8.5.0?topic=administering-configuring-suite#users-id-section
Users and identity
Maximo Application Suite supports local user authentication by MongoDB and authentication by using Lightweight Directory Access Protocol (LDAP) or Security Assertion Markup Language (SAML).
LDAP
To use LDAP user registry with Maximo Application Suite, you need the following LDAP server information:
Configuration parameters
The following parameters are configurable:
- URL of your LDAP instance
- Bind DN and Bind password
- Base DN
- UserID Map
Upload a CA certificate.
Required by
- Optional: Maximo Application Suite at the System scope.
SAML
Configuring SAML user authentication for use with Maximo Application Suite is a multistep process:
- Create SAML service provider information
Your Maximo Application Suite server acts as service provider for the SAML identify provider (IdP). You need to provide a preferred service provider name and select a name identifier format, or you can use the default values. The information is written to a service provider metadata file that you use to configure your SAML provider. For more information, see SAML server.
- Register with the SAML provider.
Configure your SAML IdP to recognize Maximo Application Suite. Use the downloaded SP file and follow the information for your SAML provider to complete this step.
- From your SAML IdP, download the SAML IdP metadata XML file to Maximo Application Suite.
Configuration parameters
The following parameters are configurable:
- Service provider name
Use the default provided name or provide one of your own. The name is used to register the Maximo Application Suite service provider.
- Name identifier format
The format of the username identifier that is used with the SAML server.
Required by
- Optional: Maximo Application Suite at the System scope.
User registry synchronization
User registry synchronization simplifies Maximo Application Suite user management by synchronizing users and groups between an LDAP server and your local Maximo Application Suite user registry. For more information, see User registry synchronization. https://www.ibm.com/docs/en/mas85/8.5.0?topic=identity-user-registry-synchronization
Configuration parameters
The following parameters are configurable:
LDAP domain attributes:
- URL
- Base DN
- Bind DN
- Bind password
User synchronization:
- User Base DN
- User ID map
- User filter
Group synchronization:
- Group Base DN
- Group filter
- Group ID map
- Group member ID map
Other:
- Synchronization schedule
- Identity provider
- Default permissions
------------------------------
Brian Hagaman
IBM
Chicago IL
------------------------------
Original Message:
Sent: Fri March 18, 2022 04:56 PM
From: mx pro
Subject: Single Sign-On (SSO) in Maximo 8
Hi Guys,
We are currently implementing Maximo 7.6.1.2 (MAS 8).
Sometimes ago, I posted a query in this group for Single Sign-On (SSO) with the title "Maximo SSO with multiple Identity Providers" and got some directions from you guys.
Basically for us, some users are in Azure AD & some users are in Ping Identity.
We are now trying to upgrade ourselves to Maximo 8 (we are already on MAS8).
What we are told is that Maximo 8 till now does not provide the flexibility, as was available in Maximo 7.6.1.2, to setup 2 identity providers.
This is because this is setup while installing and the installation of Maximo 8 is not flexible enough.
Can someone guide us what to do, as this is not a unique requirement...
Thanks in Advance
------------------------------
mx pro
ON
------------------------------
#Maximo
#AssetandFacilitiesManagement
#MaximoEAM