Starting in Maximo® Application Suite 9.0, you set up the user and group
synchronization in the identity provider by using the SCIM 2.0 API endpoints from Maximo Application Suite. You initially create an API Key in Maximo Application Suite to generate a JSON Web Token.
About this task
To invoke the new SCIM 2.0 APIs with the identity provider, an authentication token, which is
called a JSON Web Token, is required. This token is obtained by using a Maximo Application Suite API key. The API key requires user admin
permissions.
By default the JSON Web Token has a short expiry time
and requires frequent regeneration and
reconfiguration of the connection details in the identity provider. You can specify an expiry
duration for the token as part of the authenticated request by specifying an HTTP Header as part of
the request, with the name mas-jwt-expiry-duration
and a value that is an ISO8601
duration. For example, you can specify P90D
for 90-day expiry.
Procedure
- In Maximo Application Suite Suite administration, create an API key.
- From the side navigation menu, click API keys and click
Create API key.
- Enter the description and specify the authentication token expiry.
- For suite administrative access that is applicable to the API key, select
User management .
- Click Submit.
- Copy the API key and authentication token details.
If authentication token
details are lost, you cannot recover the details. To create a token, you must create an API
key.
- To generate a JSON Web Token,
issue a
GET
request to the /v1/authenticate API with
Basic Auth.
- Specify Basic Auth as the authentication type.
- Enter the API key ID and authentication token as username and
password.
- Specify a custom expiry duration for the token as part of the authenticated request.
For example, enter P90D
for a 90-day duration. The JSON Web Token
is generated, which you
can use in the API calls that you want to make. The response to the authenticated request contains a
token
field.
- Copy the JSON Web Token details.
- Create a Maximo Application Suite SCIM profile to specify the Maximo Application Suite configuration that is applied to users and groups when they are
synchronized from the identity provider to Maximo Application Suite.
- Configure the identity provider.
- In the identity provider, create an application to represent Maximo Application Suite.
- Enable the SCIM 2.0 provisioning in the application.
- Specify the base URL for integration by using
https://api.{mas-instance-id}.{domain}/scim/v2/{profileId}
.
- Provide the JSON Web Token for the header-based authentication that you created from the API
key.
- Validate that the identity provider can connect to Maximo Application Suiteand issue
SCIM requests.
- Assign users and groups to the application in the identity provider to initiate the
synchronization of users and groups with Maximo Application Suite.