Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

 On Windows there's a way to disable this but there is not a way on iOS/Android when using SAML. With LDAP, a device pin/biometrics is not required.

NOTE: In MAS, no matter how authentication is configured, you must configure a device pin/biometrics since our identity provider is always using OIDC. 

We generate & store the encryption key of the sqlite database in the device trust store when using SAML. This is because we do not have access to the user's password to use in the encryption/decryption process. When LDAP authentication is configured, the user's password is accessible to us, so we use that to encrypt and encrypt the local database. When you store something in the device trust store, iOS & Android require that we have a device pin configured before accessing the trust store. This is to avoid someone that has physical access to the device to access sensitive information that could be stored in the trust store.  

In addition to decrypting the local database (which is necessary online or offline), we also use the device pin/biometrics to enable offline login on the devices. When these are shared devices, you want to explicitly disable the offline login setting. In the AppConfig used to configure the app via your MDM provider, you can set disableOfflineLogin to true.This will prevent the offline login from occurring on a shared device, though it will still require that a device pin is configured since we need to store the encryption/decryption key. Our guide on AppConfig can be found here https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=dbc-setting-url-maximo-application-suite-server-in-maximo-mobile-application

Hope this helps

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

Hi Janvee,

You mentioned " On Windows there's a way to disable this..." Do you have little bit more information on how this can be disabled on Windows when using SAML?

Thanks,
PJ

 On Windows there's a way to disable this but there is not a way on iOS/Android when using SAML. With LDAP, a device pin/biometrics is not required.

NOTE: In MAS, no matter how authentication is configured, you must configure a device pin/biometrics since our identity provider is always using OIDC. 

We generate & store the encryption key of the sqlite database in the device trust store when using SAML. This is because we do not have access to the user's password to use in the encryption/decryption process. When LDAP authentication is configured, the user's password is accessible to us, so we use that to encrypt and encrypt the local database. When you store something in the device trust store, iOS & Android require that we have a device pin configured before accessing the trust store. This is to avoid someone that has physical access to the device to access sensitive information that could be stored in the trust store.  

In addition to decrypting the local database (which is necessary online or offline), we also use the device pin/biometrics to enable offline login on the devices. When these are shared devices, you want to explicitly disable the offline login setting. In the AppConfig used to configure the app via your MDM provider, you can set disableOfflineLogin to true.This will prevent the offline login from occurring on a shared device, though it will still require that a device pin is configured since we need to store the encryption/decryption key. Our guide on AppConfig can be found here https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=dbc-setting-url-maximo-application-suite-server-in-maximo-mobile-application

Hope this helps

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

Hi Prajesh.. Run below command from Command Prompt. let me know if it still doesn't work for you

start "" "maximomobileeam://settings?enableWindowsHello=false"

Hi Janvee,

You mentioned " On Windows there's a way to disable this..." Do you have little bit more information on how this can be disabled on Windows when using SAML?

Thanks,
PJ

 On Windows there's a way to disable this but there is not a way on iOS/Android when using SAML. With LDAP, a device pin/biometrics is not required.

NOTE: In MAS, no matter how authentication is configured, you must configure a device pin/biometrics since our identity provider is always using OIDC. 

We generate & store the encryption key of the sqlite database in the device trust store when using SAML. This is because we do not have access to the user's password to use in the encryption/decryption process. When LDAP authentication is configured, the user's password is accessible to us, so we use that to encrypt and encrypt the local database. When you store something in the device trust store, iOS & Android require that we have a device pin configured before accessing the trust store. This is to avoid someone that has physical access to the device to access sensitive information that could be stored in the trust store.  

In addition to decrypting the local database (which is necessary online or offline), we also use the device pin/biometrics to enable offline login on the devices. When these are shared devices, you want to explicitly disable the offline login setting. In the AppConfig used to configure the app via your MDM provider, you can set disableOfflineLogin to true.This will prevent the offline login from occurring on a shared device, though it will still require that a device pin is configured since we need to store the encryption/decryption key. Our guide on AppConfig can be found here https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=dbc-setting-url-maximo-application-suite-server-in-maximo-mobile-application

Hope this helps

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

Hi Prajesh.. Run below command from Command Prompt. let me know if it still doesn't work for you

start "" "maximomobileeam://settings?enableWindowsHello=false"

Hi Janvee,

You mentioned " On Windows there's a way to disable this..." Do you have little bit more information on how this can be disabled on Windows when using SAML?

Thanks,
PJ

 On Windows there's a way to disable this but there is not a way on iOS/Android when using SAML. With LDAP, a device pin/biometrics is not required.

NOTE: In MAS, no matter how authentication is configured, you must configure a device pin/biometrics since our identity provider is always using OIDC. 

We generate & store the encryption key of the sqlite database in the device trust store when using SAML. This is because we do not have access to the user's password to use in the encryption/decryption process. When LDAP authentication is configured, the user's password is accessible to us, so we use that to encrypt and encrypt the local database. When you store something in the device trust store, iOS & Android require that we have a device pin configured before accessing the trust store. This is to avoid someone that has physical access to the device to access sensitive information that could be stored in the trust store.  

In addition to decrypting the local database (which is necessary online or offline), we also use the device pin/biometrics to enable offline login on the devices. When these are shared devices, you want to explicitly disable the offline login setting. In the AppConfig used to configure the app via your MDM provider, you can set disableOfflineLogin to true.This will prevent the offline login from occurring on a shared device, though it will still require that a device pin is configured since we need to store the encryption/decryption key. Our guide on AppConfig can be found here https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=dbc-setting-url-maximo-application-suite-server-in-maximo-mobile-application

Hope this helps

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

 On Windows there's a way to disable this but there is not a way on iOS/Android when using SAML. With LDAP, a device pin/biometrics is not required.

NOTE: In MAS, no matter how authentication is configured, you must configure a device pin/biometrics since our identity provider is always using OIDC. 

We generate & store the encryption key of the sqlite database in the device trust store when using SAML. This is because we do not have access to the user's password to use in the encryption/decryption process. When LDAP authentication is configured, the user's password is accessible to us, so we use that to encrypt and encrypt the local database. When you store something in the device trust store, iOS & Android require that we have a device pin configured before accessing the trust store. This is to avoid someone that has physical access to the device to access sensitive information that could be stored in the trust store.  

In addition to decrypting the local database (which is necessary online or offline), we also use the device pin/biometrics to enable offline login on the devices. When these are shared devices, you want to explicitly disable the offline login setting. In the AppConfig used to configure the app via your MDM provider, you can set disableOfflineLogin to true.This will prevent the offline login from occurring on a shared device, though it will still require that a device pin is configured since we need to store the encryption/decryption key. Our guide on AppConfig can be found here https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=dbc-setting-url-maximo-application-suite-server-in-maximo-mobile-application

Hope this helps

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

Biplab,

Hope all is well with you. Not sure why it is "unacceptable" but nonetheless.... please note that the error message does not require Bio-metric ONLY.  It states you can enable PIN code as alternative.  If customer is desirable of a completely unsecured deployment I am not sure what else can be done. I am confident you can help them at least with a PIN code security entry.

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.

Hi everyone,

Recently when trying to login to Maximo mobile app , I encountered a mandatory requirement of biometric security mandatory when using the Maximo mobile app. 

I can see the same mentioned in this link from IBM, which means it is mandatory to enable Biometric on the device:

Device requirements for Maximo Mobile

This is unacceptable for one of my customer and we need to access the app without needing the biometric enabled.

I am wondering if there is any work around to this biometric mandatory.