As Biplab mentions, we support an LDAP synchronization process in MAS (though it is different than 7.6.1.X as we no longer use the cron task inside of Manage). Since you specifically mentioned a B2C scenario where these users are not part of your AD, I'm not sure if the Azure AD services for enabling Azure AD to support LDAP would work. I assume B2C users are more of a JIT provisioning so a scheduled job to synchronize users wouldn't work well either.
For MAS, we're planning to support SCIM (https://ibm-ai-apps.ideas.ibm.com/ideas/MSS1-I-27) which is an industry standard for provisioning users. Looking at the Azure AD documentation, it looks like B2B scenarios would be supported but B2C would not be (https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/isv-automatic-provisioning-multi-tenant-apps).
We have also approved an idea (https://ibm-ai-apps.ideas.ibm.com/ideas/MSS1-I-48), though it isn't clear to me exactly what we're planning to implement. I assume this is to support a JIT provisioning scenario (basically provision the users as they attempt to log in) but it doesn't specifically state that.
These won't be added until MAS 8.9 or later (we don't backport new features to existing versions of the product) so if you need something sooner you may have to write your own integration with the MS Graph API. Bulk API support for user management in MAS doesn't exist in the current version (it is being added) so you may find it easiest to integrate the users into Manage and then utilize the MASUSERSYNC cron task to push the users from Manage into MAS. This was only really intended for the initial sync after the upgrade but I know a few customers who are currently using it in the interim until we get the bulk API in the next release.
------------------------------
Steven Shull
------------------------------
Original Message:
Sent: Tue September 13, 2022 10:53 PM
From: Masahiro Kuroe
Subject: User synchronization with Azure AD B2C
Hi Team,
Our client requires us to implement MFA on Maximo. Based on the client requirements, we are discussing integrating MAS-Manage with Azure AD B2C using SAML.
However, in this case, as far as we know, user synchronization is not supported, so our client needs to register user information with both Azure AD B2C and MAS-Core, which we suppose is inefficient.
Does anybody know an effective solution in terms of user synchronization?
Is there any chance using Azure AD Domain Services could be one of the solutions?
We would appreciate it if you could tell me any solutions or any tips.
------------------------------
Masahiro Kuroe
------------------------------
#Maximo
#AssetandFacilitiesManagement