Hello,

We are currently on MAXIMO 7.6.1.3 and we are using custom built batch jobs (that use OSLC JSON REST API) to synchronize the person information (person, email and phone) from our Data warehouse to MAXIMO.  As a part of the person record, we bring additional organization specific information (e.g. supervisor, division, department, group etc) of the person using these jobs. The jobs are running fine. Whenever a new user needs to be added, in MAXIMO, we just add the new user with the user id (which is not the same as person id in our case) and associate that person id to that user and grant that user specific privileges. 

We heard from our application provider that they executed a job that synchronized user information from Manage to MAS as a one time effort. However, the fields were not correctly mapped (e.g. the email address in Manage is mapped to SAML id in MAS) which is causing issues. Any idea which cron task in Manage does this synchronization? Is there any documentation about the mapping of the fields within Manage and MAS? Any way, we can customize it?

Now from onwards, I heard that we need to firstly add the user in MAS (e.g. person id, email address, SAML id) and the job (not sure which ?) in MAS synchronizes this information in Manage. However, this job fails as we already have the person and email information already populated as a part of the jobs that I described in the first paragraph.

Is there any way, we can skip populating the person information (e.g. person record, email and phone information) from MAS to Manage? 

Is there any documentation about API that we can use to populate the person (with the required information e.g. supervisor, division, dept, etc.) and user information in MAS? This way, we need not run the first job in Manage and the sync process from MAS to Manage can transfer this information.

Please let me know.

Hi Pankaj,

the cron task that syncs users from Manage to MAS Core is called MASUSERSYNC. It's main role is to sync users after upgrade from 7.6 to MAS. There is no option to customize the fields mapping for this cron task.

In MAS You always add users to Core and this users are synchronized to other MAS apps, including Manage. Starting with version 9 You can use SCIM to create new users in Core. There is also dedicated API for that: https://developer.ibm.com/apis/catalog/maximo--maximo-application-suite-admin-apis/Getting+Started

Hello,

We are currently on MAXIMO 7.6.1.3 and we are using custom built batch jobs (that use OSLC JSON REST API) to synchronize the person information (person, email and phone) from our Data warehouse to MAXIMO.  As a part of the person record, we bring additional organization specific information (e.g. supervisor, division, department, group etc) of the person using these jobs. The jobs are running fine. Whenever a new user needs to be added, in MAXIMO, we just add the new user with the user id (which is not the same as person id in our case) and associate that person id to that user and grant that user specific privileges. 

We heard from our application provider that they executed a job that synchronized user information from Manage to MAS as a one time effort. However, the fields were not correctly mapped (e.g. the email address in Manage is mapped to SAML id in MAS) which is causing issues. Any idea which cron task in Manage does this synchronization? Is there any documentation about the mapping of the fields within Manage and MAS? Any way, we can customize it?

Now from onwards, I heard that we need to firstly add the user in MAS (e.g. person id, email address, SAML id) and the job (not sure which ?) in MAS synchronizes this information in Manage. However, this job fails as we already have the person and email information already populated as a part of the jobs that I described in the first paragraph.

Is there any way, we can skip populating the person information (e.g. person record, email and phone information) from MAS to Manage? 

Is there any documentation about API that we can use to populate the person (with the required information e.g. supervisor, division, dept, etc.) and user information in MAS? This way, we need not run the first job in Manage and the sync process from MAS to Manage can transfer this information.

Please let me know.

Hello,

We are currently on MAXIMO 7.6.1.3 and we are using custom built batch jobs (that use OSLC JSON REST API) to synchronize the person information (person, email and phone) from our Data warehouse to MAXIMO.  As a part of the person record, we bring additional organization specific information (e.g. supervisor, division, department, group etc) of the person using these jobs. The jobs are running fine. Whenever a new user needs to be added, in MAXIMO, we just add the new user with the user id (which is not the same as person id in our case) and associate that person id to that user and grant that user specific privileges. 

We heard from our application provider that they executed a job that synchronized user information from Manage to MAS as a one time effort. However, the fields were not correctly mapped (e.g. the email address in Manage is mapped to SAML id in MAS) which is causing issues. Any idea which cron task in Manage does this synchronization? Is there any documentation about the mapping of the fields within Manage and MAS? Any way, we can customize it?

Now from onwards, I heard that we need to firstly add the user in MAS (e.g. person id, email address, SAML id) and the job (not sure which ?) in MAS synchronizes this information in Manage. However, this job fails as we already have the person and email information already populated as a part of the jobs that I described in the first paragraph.

Is there any way, we can skip populating the person information (e.g. person record, email and phone information) from MAS to Manage? 

Is there any documentation about API that we can use to populate the person (with the required information e.g. supervisor, division, dept, etc.) and user information in MAS? This way, we need not run the first job in Manage and the sync process from MAS to Manage can transfer this information.

Please let me know.

Hi Pankaj,

there is a cron task called MASUSERSYNC which is responsible for this "one time" user synchronization from Manage to MAS. It pushes Manage users in status active and with no value in MAS Issuer (MAXUSER.MASISSUER) field and deactivates itself immediately after. You can actually activate it manually as many times you want and it will do exact same job again.

NOTE: You can use RESENDUSERSSEL parameter to specify a SQL-like where clause which will be used at cron-task start to clear MAS Issuer (MAXUSER.MASISSUER) field and therefore trigger synchronization even for users which have already been synchronized.

It seems like there is no way to affect Manage to MAS synchronization attributes mapping so if your results are not satisfying then I suggest you restructure your data in Manage just before the upgrade and let the cron task to the job. Alternatively you can simply before the upgrade script MAS Issuer (MAXUSER.MASISSUER) field to the name of your identity provider (e.g. local, ldap, saml) and populate MAS users database e.g. using MAS Admin API calls.

It's easier to control the user synchronization proces the other way round - from MAS to Manage. It's actually quite well documented on User creation, authentication, and synchronization official documentation page. In short words MAS Core is using Manage's MIF capabilities to update user data and you can use all its flexibility to affect this process, including SKIP rules to omit PERSON data updates..

User management is being lifted consequently in MAS from Manage to Core and I would highly recommend you re-thinking your user synchronization process if not now, then at least in the coming future. There is a rich set of Maximo Application Suite Admin APIs choose your MAS version first) which can be used to load/update user data in MAS Core first and then let the Suite do its job the way it's designed.

Hello,

We are currently on MAXIMO 7.6.1.3 and we are using custom built batch jobs (that use OSLC JSON REST API) to synchronize the person information (person, email and phone) from our Data warehouse to MAXIMO.  As a part of the person record, we bring additional organization specific information (e.g. supervisor, division, department, group etc) of the person using these jobs. The jobs are running fine. Whenever a new user needs to be added, in MAXIMO, we just add the new user with the user id (which is not the same as person id in our case) and associate that person id to that user and grant that user specific privileges. 

We heard from our application provider that they executed a job that synchronized user information from Manage to MAS as a one time effort. However, the fields were not correctly mapped (e.g. the email address in Manage is mapped to SAML id in MAS) which is causing issues. Any idea which cron task in Manage does this synchronization? Is there any documentation about the mapping of the fields within Manage and MAS? Any way, we can customize it?

Now from onwards, I heard that we need to firstly add the user in MAS (e.g. person id, email address, SAML id) and the job (not sure which ?) in MAS synchronizes this information in Manage. However, this job fails as we already have the person and email information already populated as a part of the jobs that I described in the first paragraph.

Is there any way, we can skip populating the person information (e.g. person record, email and phone information) from MAS to Manage? 

Is there any documentation about API that we can use to populate the person (with the required information e.g. supervisor, division, dept, etc.) and user information in MAS? This way, we need not run the first job in Manage and the sync process from MAS to Manage can transfer this information.

Please let me know.

Hello Andrzej,

Thanks for your detailed reply. Our issue is:  

Hi Pankaj,

there is a cron task called MASUSERSYNC which is responsible for this "one time" user synchronization from Manage to MAS. It pushes Manage users in status active and with no value in MAS Issuer (MAXUSER.MASISSUER) field and deactivates itself immediately after. You can actually activate it manually as many times you want and it will do exact same job again.

NOTE: You can use RESENDUSERSSEL parameter to specify a SQL-like where clause which will be used at cron-task start to clear MAS Issuer (MAXUSER.MASISSUER) field and therefore trigger synchronization even for users which have already been synchronized.

It seems like there is no way to affect Manage to MAS synchronization attributes mapping so if your results are not satisfying then I suggest you restructure your data in Manage just before the upgrade and let the cron task to the job. Alternatively you can simply before the upgrade script MAS Issuer (MAXUSER.MASISSUER) field to the name of your identity provider (e.g. local, ldap, saml) and populate MAS users database e.g. using MAS Admin API calls.

It's easier to control the user synchronization proces the other way round - from MAS to Manage. It's actually quite well documented on User creation, authentication, and synchronization official documentation page. In short words MAS Core is using Manage's MIF capabilities to update user data and you can use all its flexibility to affect this process, including SKIP rules to omit PERSON data updates..

User management is being lifted consequently in MAS from Manage to Core and I would highly recommend you re-thinking your user synchronization process if not now, then at least in the coming future. There is a rich set of Maximo Application Suite Admin APIs choose your MAS version first) which can be used to load/update user data in MAS Core first and then let the Suite do its job the way it's designed.

Hello,

We are currently on MAXIMO 7.6.1.3 and we are using custom built batch jobs (that use OSLC JSON REST API) to synchronize the person information (person, email and phone) from our Data warehouse to MAXIMO.  As a part of the person record, we bring additional organization specific information (e.g. supervisor, division, department, group etc) of the person using these jobs. The jobs are running fine. Whenever a new user needs to be added, in MAXIMO, we just add the new user with the user id (which is not the same as person id in our case) and associate that person id to that user and grant that user specific privileges. 

We heard from our application provider that they executed a job that synchronized user information from Manage to MAS as a one time effort. However, the fields were not correctly mapped (e.g. the email address in Manage is mapped to SAML id in MAS) which is causing issues. Any idea which cron task in Manage does this synchronization? Is there any documentation about the mapping of the fields within Manage and MAS? Any way, we can customize it?

Now from onwards, I heard that we need to firstly add the user in MAS (e.g. person id, email address, SAML id) and the job (not sure which ?) in MAS synchronizes this information in Manage. However, this job fails as we already have the person and email information already populated as a part of the jobs that I described in the first paragraph.

Is there any way, we can skip populating the person information (e.g. person record, email and phone information) from MAS to Manage? 

Is there any documentation about API that we can use to populate the person (with the required information e.g. supervisor, division, dept, etc.) and user information in MAS? This way, we need not run the first job in Manage and the sync process from MAS to Manage can transfer this information.

Please let me know.

Hi Pankaj,

unfortunately I don't have anything I can provide you with ad-hoc but you're on the right track.
I would in your case adjust user mapping logic using one of approached suggested in Customization of inbound data section.
This way for example when receiving user e-mail address from MAS Core your could use it to uniquely identify PERSONID (NOTE: e-mails are unique in Manage EMAIL table and they always point to exactly one PERSONID) and use this value instead during integration processing to populate MAXUSER.PERSONID.

This way Manage would not create new person record but rather link existing one and you would avoid unique index violation.

Hello Andrzej,

Thanks for your detailed reply. Our issue is:  

Hi Pankaj,

there is a cron task called MASUSERSYNC which is responsible for this "one time" user synchronization from Manage to MAS. It pushes Manage users in status active and with no value in MAS Issuer (MAXUSER.MASISSUER) field and deactivates itself immediately after. You can actually activate it manually as many times you want and it will do exact same job again.

NOTE: You can use RESENDUSERSSEL parameter to specify a SQL-like where clause which will be used at cron-task start to clear MAS Issuer (MAXUSER.MASISSUER) field and therefore trigger synchronization even for users which have already been synchronized.

It seems like there is no way to affect Manage to MAS synchronization attributes mapping so if your results are not satisfying then I suggest you restructure your data in Manage just before the upgrade and let the cron task to the job. Alternatively you can simply before the upgrade script MAS Issuer (MAXUSER.MASISSUER) field to the name of your identity provider (e.g. local, ldap, saml) and populate MAS users database e.g. using MAS Admin API calls.

It's easier to control the user synchronization proces the other way round - from MAS to Manage. It's actually quite well documented on User creation, authentication, and synchronization official documentation page. In short words MAS Core is using Manage's MIF capabilities to update user data and you can use all its flexibility to affect this process, including SKIP rules to omit PERSON data updates..

User management is being lifted consequently in MAS from Manage to Core and I would highly recommend you re-thinking your user synchronization process if not now, then at least in the coming future. There is a rich set of Maximo Application Suite Admin APIs choose your MAS version first) which can be used to load/update user data in MAS Core first and then let the Suite do its job the way it's designed.

Hello,

We are currently on MAXIMO 7.6.1.3 and we are using custom built batch jobs (that use OSLC JSON REST API) to synchronize the person information (person, email and phone) from our Data warehouse to MAXIMO.  As a part of the person record, we bring additional organization specific information (e.g. supervisor, division, department, group etc) of the person using these jobs. The jobs are running fine. Whenever a new user needs to be added, in MAXIMO, we just add the new user with the user id (which is not the same as person id in our case) and associate that person id to that user and grant that user specific privileges. 

We heard from our application provider that they executed a job that synchronized user information from Manage to MAS as a one time effort. However, the fields were not correctly mapped (e.g. the email address in Manage is mapped to SAML id in MAS) which is causing issues. Any idea which cron task in Manage does this synchronization? Is there any documentation about the mapping of the fields within Manage and MAS? Any way, we can customize it?

Now from onwards, I heard that we need to firstly add the user in MAS (e.g. person id, email address, SAML id) and the job (not sure which ?) in MAS synchronizes this information in Manage. However, this job fails as we already have the person and email information already populated as a part of the jobs that I described in the first paragraph.

Is there any way, we can skip populating the person information (e.g. person record, email and phone information) from MAS to Manage? 

Is there any documentation about API that we can use to populate the person (with the required information e.g. supervisor, division, dept, etc.) and user information in MAS? This way, we need not run the first job in Manage and the sync process from MAS to Manage can transfer this information.

Please let me know.