Self-registration for users

Starting from Maximo® Application Suite 9.0, users can self-register to create their own login accounts and use the applications that they have access to. Before users can self-register, an administrator must enable and configure access options that are associated with each identity provider that is configured.

Configuration

As an administrator, when you enable self-registration in Maximo Application Suite, you can either set automatic approval of self-registered users or manually approve each user. To manually approve users, you must activate the user before the user logs in to Maximo Application Suite. You can change the initial application entitlement for users from self-service to a concurrent entitlement. You can also specify the email address of administrators who are available to support users during the registration process. This email address is provided in the users' email notifications. The email addresses of administrators who can approve requests can also be added.

To enable self-registration in Suite administration, from the side navigation menu, select Users and then click the Authentication tab. In the User self-registration section, select the identity provider that you want to enable self-registration for. Users can then register to create their accounts by selecting Register on the login page.

If you configured self-registration to automatically approve and activate users, the user can log in to Maximo Application Suite. Otherwise, you need to manually activate the user to approve their request. An email is sent to notify any administrator who has permission to approve the request. An email is also sent to the user to inform them that their access request was submitted.

To approve a self-registered account in Suite administration, from the side navigation menu, select Users and click the Users tab. Select the self-registered user and click More actions > Activate. The user can then log in to Maximo Application Suite.
Note: Self-registered users who need approval are indicated as Pending on the Self-registered column of the user record list. To show this table column in the user record list, select Column selection and then Self-registered.

After a user is approved, an application administrator might need to set further detailed application privileges for each individual application. For example, a user who needs access to Maximo Manage must wait until the application administrator for Maximo Manage approves access. For more information, see Configuration of self-registered users in Maximo Manage.

Self-registration for local users

After a user registers on the login page by providing information such as username, email address, and password, the new user account is created in the local database. The user's credentials, including username and password, are securely stored.

A verification email is sent to the user with a code that the user enters on the login page. After the user enters the correct code, the user can log in immediately if automatic approval is enabled. Otherwise, the user must wait for administrator approval.

Self-registration for SAML users

With self-registered accounts for Security Assertion Markup Language (SAML), when a user attempts to log in for the first time, the user account is automatically created in Maximo Application Suite.

When a user requests access for the first time, a SAML authentication request is sent to the identity provider. The user is authenticated in the identity provider where their credentials are validated in its database. A SAML assertion is generated that contains the user's information, such as username, attributes, and roles.

If the user does not exist in Maximo Application Suite, the SAML response from the identity provider can include attributes that trigger just-in-time (JIT) account creation. The Maximo Application Suite automatically creates a user account based on the information that is provided in the SAML assertion.

With the user now authenticated and the account created, the user is allowed to access the requested resource or application.

Although the user is created during this authentication process, if manual approval is enabled, users cannot log in until the administrator manually approves and activates the user.
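
The following Python sketch models the just-in-time flow described above, including the manual approval gate. It is an added example, not IBM or Maximo Application Suite code. The attribute names, the parse_assertion function and the UserStore class are assumptions made for illustration, and the assertion is assumed to have already passed signature, issuer, audience and validity checks.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the attribute names are assumptions.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="roles"><saml:AttributeValue>technician</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return (username, attributes) from an already-validated assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no NameID")
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return name_id.text.strip(), attrs


class UserStore:
    """Hypothetical in-memory user store modelling the approval gate."""

    def __init__(self, auto_approve):
        self.auto_approve = auto_approve
        self.users = {}

    def login(self, xml_text):
        username, attrs = parse_assertion(xml_text)
        user = self.users.get(username)
        if user is None:
            # First login: just-in-time creation from the assertion.
            user = {"attrs": attrs, "self_registered": True,
                    "active": self.auto_approve}
            self.users[username] = user
        # A valid assertion alone is not enough: the account must be active.
        return "allowed" if user["active"] else "pending"

    def activate(self, username):
        """Administrator action, modelling More actions > Activate."""
        self.users[username]["active"] = True
```

With manual approval, a repeated login by the same user stays pending until an administrator activates the account. Outside of a sketch like this, parsing and validating assertions belongs to a maintained SAML library.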

Self-registration for LDAP users

With LDAP self-registration, users directly communicate with the LDAP server for registration. If manual approval is enabled, users cannot log in until the administrator manually approves and activates the user.