Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

  • 1.  Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Mon September 22, 2025 10:11 PM

    We are using Maximo 7.6.1.3 with Maximo Mobile for EAM 9.0.
    SSO with Azure AD is enabled on Maximo 7.6.1.3 and works fine in the browser.

    When we log into the Maximo Mobile for EAM app using the same URL, users are redirected to the Microsoft authentication page as expected. However, if a user logs out of the Mobile app and then logs in again, they are always taken back to the Microsoft authentication page and must re-authenticate.

    In contrast, when logging into Maximo via a browser: if the user logs out and then logs in again, they are not prompted to re-authenticate with Azure AD (since the browser session persists).

    My questions:

    • Why is there a difference in behavior between the browser and the Maximo Mobile app?

    • Is there a way to configure the Maximo Mobile app to reuse the Azure AD session (similar to the browser) so users don't need to re-enter their credentials every time after logout?

    • Or is this the expected design for security reasons?

    Any guidance or experience would be appreciated.

    #Mobile #SSO



    ------------------------------
    Sourabh Jain
    Cosol
    Melbourne Vic
    ------------------------------


  • 2.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Mon September 29, 2025 12:45 AM

    I can't say for sure but it may relate to the underlying browser being used by Maximo Mobile on your device. 

    As you say the SSO process is the same in Maximo as it is in Maximo Mobile so the SSO process is working. 

    On your device when closing the App, it may close the browser and clear the cookies etc required to maintain the active session with Azure and as such requires the user to reauthenticate.



    ------------------------------
    Michael Kasteel
    Director – ESG & Industry Solutions
    ISW
    0402830412
    ------------------------------



  • 3.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Tue September 30, 2025 12:49 AM

    @Steven Shull - Hi Steven, are you able to share some insights on this? Thanks.



    ------------------------------
    Sourabh Jain
    Cosol
    Melbourne Vic
    ------------------------------



  • 4.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Tue September 30, 2025 10:05 AM

    This is expected. Maximo Mobile deletes the cookies when a user logs out because it's quite common for mobile devices to be shared across multiple users. Without this removal of cookies, you could run into situations where "Bob" could authenticate as "Larry". 

    In MAS, there is an SP-initiated logout feature where even on desktop, if you log out it can invalidate your SSO session. This was added for similar reasons, to ensure that users who have shared workstations would not re-use a previous user's session.



    ------------------------------
    Steven Shull
    Principal Maximo Solutions Engineer
    Naviam
    Cincinnati OH
    ------------------------------



  • 5.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Wed October 01, 2025 05:06 AM

    Thanks Steve. What's the best practice then? It's very inconvenient for the user to enter the credentials again and again. They are comparing the app with other apps that we use in daily life, such as banking apps where facial recognition is enough to log in to the app. How can we improve the user experience instead of getting them annoyed? It's probably a question for IBM.



    ------------------------------
    Sourabh Jain
    Cosol
    Melbourne Vic
    ------------------------------



  • 6.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Wed October 01, 2025 08:55 AM

    Something you could look at is trying to use your web browser for the authentication piece. If you're deploying via MDM, you can have the authentication open in the external browser rather than the in-app browser. See "Setting the URL of the Maximo Application Suite server in the Maximo Mobile application" in the IBM Documentation.

    Since Maximo Mobile can't delete cookies for the web browser (it can only manage its own cookies inside the app), you likely wouldn't have the same issue. This wasn't always possible in EAM but was added as part of 9.0 I believe (it's definitely available in 9.0, just can't remember if it was 8.11 or 9.0).


    Beyond that, there's not really a good option they can implement. Certainly, feel free to open an idea, I'm just not sure how it could be done without introducing security problems.

    Banking apps work because they control your credentials and are really only used on dedicated devices. Most customers utilizing Maximo utilize SAML like yourself and often on shared devices. The only way they could handle that is enabling a bypass mechanism where they would skip the identity provider. There are a whole series of controls in SAML authentication flows including conditional access policies (only allow authentication if the device is trusted for example, on specific networks, etc.), two factor authentication, etc. that customers would not want the application to bypass.  

    Or you keep the cookies but then run the risk on a shared device that requests are authenticated as the incorrect user. 



    ------------------------------
    Steven Shull
    Principal Maximo Solutions Engineer
    Naviam
    Cincinnati OH
    ------------------------------



  • 7.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Fri October 03, 2025 05:40 AM

    Thanks once again.



    ------------------------------
    Sourabh Jain
    Cosol
    Melbourne Vic
    ------------------------------



  • 8.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted 4 days ago

    Hi @Steven Shull,

    We are using Maximo 7613 with Mobile 9. We managed to configure SSO with Azure AD, and login is working perfectly from the web application.
    Whereas in the mobile application it's not redirecting to the SSO log-in page; instead it shows an "Invalid server address or server not available" message. I'm attaching the WebSphere trace log for reference. I'd appreciate it if you can go through it and let us know what's wrong there.

    We are using Android devices without any MDM.

    Thanks,

    Suresh.



    ------------------------------
    mohan kumar munagala
    ------------------------------

    Attachment: Mobile_sso_trce_log.txt (183 KB)


  • 9.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted 4 days ago

    Hi Mohan, could you check if the Maximo property mxe.useSAML is set to 1?



    ------------------------------
    Larry van Elewoud
    Technical Engineer
    Gemba Service B.V.
    Netherlands
    ------------------------------



  • 10.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Wed October 01, 2025 02:08 AM

    Hi @Sourabh Jain, we are facing issues with a similar SSO setup using Maximo 7.6.1.3 and Mobile 9.0.

    We wanted to verify the Azure settings and WebSphere interceptor settings, as we are facing issues like getting a blank white screen.

    Could you please share with us the inputs to cross-check the settings with respect to the error mentioned?

    Thanks



    ------------------------------
    Bincy Jose
    ------------------------------



  • 11.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Wed October 01, 2025 02:38 AM

    Check to see if there is any text on that page (could be white text on white background).  I have seen issues where the whoami page loaded but the userid wasn't being read from it correctly and the SSO process stopped at that point.  This goes back to Anywhere but I think there are a lot of similarities between the authentication on both apps.      



    ------------------------------
    Michael Kasteel
    Director – ESG & Industry Solutions
    ISW
    0402830412
    ------------------------------



  • 12.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM
    Best Answer

    Posted Tue October 07, 2025 04:20 AM
    Edited by Sourabh Jain 30 days ago

    Hi Sourabh,

    As we experienced, the SSO (directly logging into the app when opening the app, without having to enter credentials) only works with managed devices.

    In Azure in the appconfig.xml the option "useSystemBrowserLogin" should be set to true. 

    For iOS there is a SSO plugin for Azure, which should be installed on Azure side then (https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin).

    For Android, in MS authenticator, under settings -> device registration -> <company> -> Enable browser access -> continue and accept certificate.

    This is possible when the device id is passed through to Azure. (Which is the case as from 9.0 I believe, it has been changed in the App Store app as from version - Android Maximo Mobile for EAM version 1.0.20).

    Note, this will only work if Maximo is open to the internet without a pre-authentication proxy. A proxy with pass through does work.

    PS. Also, when the session has timed out and the user needs to log in again: after a push on the chevron next to the timeout message in the data update menu, the login process will be done automatically without having to enter credentials.

    I hope this will help you to get a bit further.



    ------------------------------
    Larry van Elewoud
    Technical Engineer
    Gemba Service B.V.
    Netherlands
    ------------------------------



  • 13.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted Tue October 07, 2025 09:03 PM

    Thanks Larry. We'll give it a go and see.



    ------------------------------
    Sourabh Jain
    Cosol
    Melbourne Vic
    ------------------------------



  • 14.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted 30 days ago

    Hi Larry, 

    It worked for us. We are using Entra and we set the useSystemBrowserLogin property to true.

    On the Windows platform, we have disabled the biometric login so there is no issue. It doesn't ask for the credentials and I can just log in, which solves the problem.

    However, on iOS devices it did work in the same way, but if I enable the biometric, then it goes back to the previous stage. I am now looking for a way to disable the biometric on iOS devices as I did in Windows. I referred to the SSO plug-in website that you mentioned and our MDM team confirmed that it's already installed.

    Any thoughts please, thanks once again.



    ------------------------------
    Sourabh Jain
    Cosol
    Melbourne Vic
    ------------------------------



  • 15.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted 29 days ago

    Biometrics/device pin can't be disabled in the EAM app. If you are on MAS 9.1 (not 9.0 or earlier versions) you can disable biometrics/device pin on iOS/Android.

    This part of the authentication flow is required to store and retrieve the sqlite database encryption key in the device trust store. iOS/Android require a device pin/biometrics to access the device trust store. Windows does not require Windows hello to be configured so it wasn't needed on that platform even on earlier versions. 

    In 9.1, the behavior by default is the same as earlier versions and will store the key in the device trust store. But there's an option to not utilize the device trust store with a new API added in MAS to store and retrieve the key on the server. This would mean any users can only login in a connected fashion but for most users that's not an issue. 



    ------------------------------
    Steven Shull
    Principal Maximo Solutions Engineer
    Naviam
    Cincinnati OH
    ------------------------------



  • 16.  RE: Difference in Azure AD SSO behavior between Maximo browser and Maximo Mobile for EAM

    Posted 29 days ago

    As Steven mentioned, biometrics/pin is necessary for accessing the local db. Flow how it should be: open app -> supply biometrics/pin -> login continues. 



    ------------------------------
    Larry van Elewoud
    Technical Engineer
    Gemba Service B.V.
    Netherlands
    ------------------------------