Maximo

 View Only
  • 1.  Single Sign-On (SSO) in Maximo 8

    Posted Fri March 18, 2022 04:56 PM

    Hi Guys,

    We are currently implementing Maximo 7.6.1.2 (MAS 8).
    Sometimes ago, I posted a query in this group for Single Sign-On (SSO) with the title "Maximo SSO with multiple Identity Providers" and got some directions from you guys.
    Basically for us, some users are in Azure AD & some users are in Ping Identity.
    We are now trying to upgrade ourselves to Maximo 8 (we are already on MAS8).
    What we are told is that Maximo 8 till now does not provide the flexibility, as was available in Maximo 7.6.1.2, to setup 2 identity providers.
    This is because this is setup while installing and the installation of Maximo 8 is not flexible enough.
    Can someone guide us what to do, as this is not a unique requirement...

    Thanks in Advance



    ------------------------------
    mx pro
    ON
    ------------------------------



    #Maximo
    #AssetandFacilitiesManagement
    #MaximoEAM


  • 2.  RE: Single Sign-On (SSO) in Maximo 8

    User Group Leader
    Posted Mon March 21, 2022 10:28 AM
    here is some documentation for you,

    MAS User and Identity Details: https://www.ibm.com/docs/en/mas85/8.5.0?topic=administering-configuring-suite#users-id-section

    Users and identity

    Maximo Application Suite supports local user authentication by MongoDB and authentication by using Lightweight Directory Access Protocol (LDAP) or Security Assertion Markup Language (SAML).

    LDAP

    To use LDAP user registry with Maximo Application Suite, you need the following LDAP server information:

    Configuration parameters

    The following parameters are configurable:

    • URL of your LDAP instance
    • Bind DN and Bind password
    • Base DN
    • UserID Map

    Upload a CA certificate.

    Required by

    • Optional: Maximo Application Suite at the System scope.

    SAML

    Configuring SAML user authentication for use with Maximo Application Suite is a multistep process:

    1. Create SAML service provider information
      Your Maximo Application Suite server acts as service provider for the SAML identify provider (IdP). You need to provide a preferred service provider name and select a name identifier format, or you can use the default values. The information is written to a service provider metadata file that you use to configure your SAML provider. For more information, see SAML server.
    2. Register with the SAML provider.
      Configure your SAML IdP to recognize Maximo Application Suite. Use the downloaded SP file and follow the information for your SAML provider to complete this step.
    3. From your SAML IdP, download the SAML IdP metadata XML file to Maximo Application Suite.

    Configuration parameters

    The following parameters are configurable:

    • Service provider name
      Use the default provided name or provide one of your own. The name is used to register the Maximo Application Suite service provider.
    • Name identifier format
      The format of the username identifier that is used with the SAML server.

    Required by

    • Optional: Maximo Application Suite at the System scope.

    User registry synchronization

    User registry synchronization simplifies Maximo Application Suite user management by synchronizing users and groups between an LDAP server and your local Maximo Application Suite user registry. For more information, see User registry synchronizationhttps://www.ibm.com/docs/en/mas85/8.5.0?topic=identity-user-registry-synchronization

     

     

    Configuration parameters

    The following parameters are configurable:
    LDAP domain attributes:

    • URL
    • Base DN
    • Bind DN
    • Bind password

    User synchronization:

    • User Base DN
    • User ID map
    • User filter

    Group synchronization:

    • Group Base DN
    • Group filter
    • Group ID map
    • Group member ID map

    Other:

    • Synchronization schedule
    • Identity provider
    • Default permissions


    ------------------------------
    Brian Hagaman
    IBM
    Chicago IL
    ------------------------------



  • 3.  RE: Single Sign-On (SSO) in Maximo 8

    Posted Wed March 23, 2022 11:00 AM
    thanks Brian for the guidance.
    Rights now we are implementing MAS8 which includes Maximo 7.6.1.2. In this we have already managed 2 identity providers... solution was to have different URL for different Identity providers.
    Issue is while upgrading our Maximo 7.6.1.2 to Maximo 8.
    IBM says it is right now not possible in Maximo 8 upgrade... as flexibility is not in the installation package of Maximo 8 (again it is Maximo 8 .... not MAS8)
    Hope this clarifies.
    Can you guide on that plz?

    Regards

    ------------------------------
    mx pro
    ON
    ------------------------------



  • 4.  RE: Single Sign-On (SSO) in Maximo 8

    User Group Leader
    Posted Wed March 23, 2022 12:17 PM
    Hi, I am a customer success manager for Maximo, if you would like to talk with the IBM customer success manager assigned to your account please send me a email at hagaman@us.ibm.com.   I will help get you connected.

    ------------------------------
    Brian Hagaman
    IBM
    Chicago IL
    ------------------------------



  • 5.  RE: Single Sign-On (SSO) in Maximo 8

    Posted Wed March 23, 2022 03:31 PM
    Thanks for your reply Brian.
    two things....
    1) Just to make things clear.... In Maximo Asset Management 7.6.1.2, we already configured with 2 identity providers. I posted a post in this group earlier and got guidance how to implement with having two different URLs for each identity providers.
    For upgrading to Maximo Manage 8, we are told that the installation package of Maximo Manage 8 is not flexible and hence as of now more than one identity providers cannot be done in Maximo Manage 8... as was possible in Maximo Asset Management 7.6.1

    2) Is there any preview site for Maximo Manage 8

    Please guide on this

    Regards

    ------------------------------
    mx pro
    ON
    ------------------------------