Maximo Open Forum

 View Only

Related Content

  • 1.  User Sync Authentication type issue from Manage to Suite with Rest API

    Posted 8 days ago

    Hi All,

    Am creatng users in manage v 8.7(not from Suite api)   using Rest API the MASUSERSYNC cron syncs user to the suite as a local by default saml is not getting enbaled as my system is saml authenticated and local authenticated both applies with authentication ( it shows under authentication tab of user management  in suite we are not using ldap)  but during user sync from manage to suite it only creates local user as default,Also I noticed MASISSUER attribute of MAXUSER of manage db  is appearing as local, Do i need to set parameter owner to default-saml in order to set the user authetication to SAML during syncing o user to suite besides the cron creates local user by default? 


    #Integrations
    #MaximoApplicationSuite

    ------------------------------
    Chidambar Shastry
    Xyz
    ------------------------------


  • 2.  RE: User Sync Authentication type issue from Manage to Suite with Rest API

    Posted 7 days ago

    The MASUSERSYNC cron task was enhanced with new parameters for tracking the owner & authentication method (issuer) but I don't remember what version exactly that was done in. If you don't see the cron task parameters for it, try to delete and recreate the cron task instance to see if it adds the new parameters. Cron task parameters are defined on creation of the cron task which is why recreating it can show the additional parameters.

    Owner must be local or scim (all lowercase) and you want it to be local. SCIM means the user comes from LDAP sync or the SCIM sync process in newer versions. This drastically limits what you can modify on the user record since you're telling it that the integration manages the user account.

    Issuer in your case would be saml. Your identity provider will be labeled as default-saml but this feature is looking for local, ldap, or saml only and will use the appropriate one based on that. It won't matter on your version, but in 9.0 MAS was enhanced to support multiple identity providers of the same type (IE two different SAML providers like Okta & Entra). For customers on 9.0, it can only send users to the default-saml. 9.1 and the upcoming 9.2 user management is entirely different. 



    ------------------------------
    Steven Shull
    Naviam
    ------------------------------



  • 3.  RE: User Sync Authentication type issue from Manage to Suite with Rest API

    Posted 5 days ago

    Hi Steve,

    I tried by setting parameter values against MASUSERSYNC cron as in above screenshot, but still am having the same issue.



    ------------------------------
    Chidambar Shastry
    Xyz
    ------------------------------

    Original Message


  • 4.  RE: User Sync Authentication type issue from Manage to Suite with Rest API

    Posted 5 days ago

    Are you saying your cron task had these parameters already, has the exact same parameter values, and new users (not existing) are being pushed in with local authentication? I have never seen that. When these aren't provided it uses the upgrade method to determine but otherwise should use this. It is case sensitive so make sure you have the values all lowercase.

    I'd say you could open a support ticket with IBM but 8.7 has hit end of mainstream support so you may not get a response if you haven't purchased extended support. 



    ------------------------------
    Steven Shull
    Naviam
    ------------------------------

    Original Message