Authentication and security

Before you upgrade to Maximo® Manage, you must be familiar with authentication, encryption and security, and SMTP configuration.

Authentication

• If you select local authentication, the username and password of users are stored on MongoDB and Maximo Application Suite directly authenticates the users.
• LDAP or SAML can be configured for authentication before or after the installation of Maximo Manage by using the Configuration page in Maximo Application Suite For more information, see Authentication methods.
  • Only LDAP registries that are supported by Liberty runtime can be used. For more information, see LDAP User Registry 3.0
  • If you are currently using LDAP or SAML, your existing configuration can be used in Maximo Application Suite.
  • From Maximo Application Suite 8.8 onwards, Maximo Manage supports only API key-based authentication for integration with external applications and REST API transactions. For integration, XML along with SOAP and HTTP protocols use API keys. The existing REST APIs, for example, maxrest or rest support API keys as well as new REST APIs added from Maximo Application Suite 8.8 like oslc.

    API key-based authentication is primarily used for machine to machine interactions and authentication. If you are using maxauth in Maximo Asset Management, after upgrading to Maximo Application Suite and deploying Maximo Manage, use API keys because maxauth is not supported in Maximo Manage. For more information, see API keys application.

Encryption and security

If you are using custom encryption keys for CRYPTO and CRYTOX attributes, then the custom keys must be provided during the Maximo Manage application installation.

Custom encryption properties are specified in the maximo.properties file in Maximo Asset Management.

Note: The maximo.properties file is not used in Maximo Application Suite.

After the Maximo Manage application deployment, if encryption keys are not specified when you activate Maximo Manage with a fresh database, new encryption keys are automatically generated. Set the autoGenerateEncryptionKeys property to false if you do not want to generate the keys automatically. For more information, see Disabling automatic generation of encryption keys and Database encryption.