Maximo Open Forum

Hi All,

We are in the phase of upgrading from current version of Maximo, which is 7.6.0.4 to 7.6.2.1 as well as the implementation of Maximo Anywhere 7.6.4.Just would like to get inputs from you all as to what configuration and possible customization has to be done in Maximo to enable Multifactor authentication.We need to integrate it with Azure AD.

Also,IBM tech note states that SAML is not supported with Maximo Anywhere 7.6.4 latest IFix.Does it mean that we will be unable to implement the authentication in Anywhere as both our Maximo and Anywhere will be exposed to Internet and we would like to implement the Multi factor authentication as per the requirements of the security team.

Regards,
Mahadevan
#Customizations
#EverythingMaximo
#Mobility

------------------------------
Mahadevan Ramakrishnan
------------------------------

You can request from IBM Support how to configure SAML with Anywhere but is NOT a supported configuration which is why it's not publicly posted. For Maximo Mobile, we support SAML without any additional configuration than what is done in core Maximo. 

For the Maximo side, configuring SAML in WebSphere to Azure AD and utilizing Azure AD for multifactor authentication is the approach to go. With Azure AD you can define conditional access policies to require MFA in certain scenarios (such as an untrusted device) while not requiring it in others. Web service integrations (SOAP or REST) would need to be updated to transition to the new API key approach or you'll need to also configure LDAP to authenticate those APIs. The new API key requires utilizing /maximo/api instead of /maximo/oslc for REST APIs and requires you to define a new meaweb context that does not have application server security protection. Since SAML is an interactive authentication scheme, you can't utilize that for background integrations.

------------------------------
Steven Shull
IBM
------------------------------

Original Message:
Sent: 02-09-2022 13:00
From: Mahadevan Ramakrishnan
Subject: Implementation of Multifactor authentication in Maximo 7.6.2.1 desktop application as well as Maximo Anywhere 7.6.4

Hi All,

We are in the phase of upgrading from current version of Maximo, which is 7.6.0.4 to 7.6.2.1 as well as the implementation of Maximo Anywhere 7.6.4.Just would like to get inputs from you all as to what configuration and possible customization has to be done in Maximo to enable Multifactor authentication.We need to integrate it with Azure AD.

Also,IBM tech note states that SAML is not supported with Maximo Anywhere 7.6.4 latest IFix.Does it mean that we will be unable to implement the authentication in Anywhere as both our Maximo and Anywhere will be exposed to Internet and we would like to implement the Multi factor authentication as per the requirements of the security team.

Regards,
Mahadevan
#Customizations
#EverythingMaximo
#Mobility

------------------------------
Mahadevan Ramakrishnan
------------------------------

I tried requesting the configuration instructions from IBM support, but have just been ignored. 

Has anyone configured SAML to work with Anywhere 7.6.4?  I did try changing some property values on the Anywhere side and it seems to be trying to use app server security for authentication, but doesn't work, so I'm missing something.  Not sure if it's on the device side or server side...

------------------------------
Brandon Fisher
Northrop Grumman Corp.
------------------------------

Original Message:
Sent: 02-10-2022 09:29
From: Steven Shull
Subject: Implementation of Multifactor authentication in Maximo 7.6.2.1 desktop application as well as Maximo Anywhere 7.6.4

You can request from IBM Support how to configure SAML with Anywhere but is NOT a supported configuration which is why it's not publicly posted. For Maximo Mobile, we support SAML without any additional configuration than what is done in core Maximo. 

For the Maximo side, configuring SAML in WebSphere to Azure AD and utilizing Azure AD for multifactor authentication is the approach to go. With Azure AD you can define conditional access policies to require MFA in certain scenarios (such as an untrusted device) while not requiring it in others. Web service integrations (SOAP or REST) would need to be updated to transition to the new API key approach or you'll need to also configure LDAP to authenticate those APIs. The new API key requires utilizing /maximo/api instead of /maximo/oslc for REST APIs and requires you to define a new meaweb context that does not have application server security protection. Since SAML is an interactive authentication scheme, you can't utilize that for background integrations.

------------------------------
Steven Shull
IBM

Original Message:
Sent: 02-09-2022 13:00
From: Mahadevan Ramakrishnan
Subject: Implementation of Multifactor authentication in Maximo 7.6.2.1 desktop application as well as Maximo Anywhere 7.6.4

Hi All,

We are in the phase of upgrading from current version of Maximo, which is 7.6.0.4 to 7.6.2.1 as well as the implementation of Maximo Anywhere 7.6.4.Just would like to get inputs from you all as to what configuration and possible customization has to be done in Maximo to enable Multifactor authentication.We need to integrate it with Azure AD.

Also,IBM tech note states that SAML is not supported with Maximo Anywhere 7.6.4 latest IFix.Does it mean that we will be unable to implement the authentication in Anywhere as both our Maximo and Anywhere will be exposed to Internet and we would like to implement the Multi factor authentication as per the requirements of the security team.

Regards,
Mahadevan
#Customizations
#EverythingMaximo
#Mobility

------------------------------
Mahadevan Ramakrishnan
------------------------------