Electronic signature verification

Electronic signatures provide an extra layer of validation to confirm that a user who changes a record is the same user who is logged in to the application. In addition to validation, the electronic signature feature enables administrators to audit changes and to determine who made a change and why the change was made.

When an application or feature is configured to require an electronic signature, users can complete an action or change the application only if they supply the required password or passkey in the Electronic Signature Authentication window that opens. Users must also specify the reason for the change.

Users create an electronic signature passkey in the Set or Modify E-Signature Key dialog box that is available from their profile. Electronic signature passkeys must conform to the same rules as product passwords. Any passkey that is manually created or automatically generated from a reset action is validated using the rules for user passwords, such as password length or excluded words. To use the electronic signature passkey, set the mxe.allownativeesig system property to 1. By default, the mxe.allownativeesig property is set 1 in the System Properties application of Maximo® Manage.

From Maximo Application Suite 9.0, an alternative way to verify electronic signature has been introduced by using Maximo Application Suite local user account credentials. Enable the mxe.usemasforesig system property to 1 in the System Properties application of Maximo Manage. The mxe.usemasforesig system property requires all users to have a local Maximo Application Suite user account. For more information, see Electronic signature properties.

Requirements for passwords and electronic signature keys are configured in the Security Controls dialog box for a selected user.

Electronic signature records the user name and full user name of users who change database records or who perform actions in an application. The modification to the record such as change, insert, update, or delete, known as the identifier, is also recorded.

The full user name corresponds to the DISPLAYNAME attribute in the PERSON object.

All verification attempts are saved in the LOGINTRACKING object. The LOGINTRACKING object records the following items:

  • User name or login ID
  • Full user name, which is the person's display name
  • Date and time of the attempt
  • Whether the authentication was successful
  • Application name where the electronic signature was invoked
  • Reason for the change, as typed on the Electronic Signature Authentication window
  • Unique transaction identifier
  • Key values columns for the record