Maximo Mobile authentication and data flow
You can use the Maximo® Mobile application in online and offline scenarios. In an online scenario, the application is connected to Maximo Manage and uses the services and data that are provided. In an offline scenario, the application is not connected to Maximo Manage but continues to operate by using locally stored data.
Login and authentication
The first time that a user logs in to the Maximo Mobile application, they must have network connectivity so that they can connect to Maximo Application Suite. To log in to the Maximo Mobile application, the user must enter the credentials that they use in Maximo Application Suite. Through single sign-on, the user is also authenticated with Maximo Manage, and the mobile apps that are on the Maximo Manage server are set up on the device. As part of the initial setup, a local JSON data store is created on the device. The data store is a repository for data that is downloaded from the Maximo Manage server. The data store is encrypted by using a unique key that is saved in the device's keystore. Each time a user opens the Maximo Mobile application, they are prompted for their device's security credentials so that the application can access the local data store.
When a user authenticates to Maximo Application Suite, they are granted a token, which is used to authenticate all requests to the server. After the token has expired, the user is prompted to authenticate to Maximo Application Suite again. If the user does not authenticate successfully, they work offline until they authenticate to Maximo Application Suite again. A user can authenticate to Maximo Application Suite at any time by clicking the cloud icon from the application screen. The default expiration time is 30 minutes for the access token and 12 hours for the refresh token.
When you successfully use a biometric method to log in to a mobile device and you authenticate with the server through SSO, you have access to your own local database on the device that is used in offline mode. If another user uses biometrics to log in to the same mobile device, but they do not authenticate with the server, they are still able to access data as the last user to authenticate. If the second user is in offline mode, they access the local database of the first user. The next time that the second user uses the device in online mode, they are given the option to switch users. If they accept, they can access their own local database when in offline mode.
In other words, a user who has access to the device biometrics can access their own local database after they authenticate successfully with the server. If a second user who has access to the device biometrics does not pass server authentication and opens the application offline, they access the application as the last user who logged in online and use that user's local database. When the second user then logs in online, a message prompts them to confirm whether to switch users. If they confirm, the application loads the current user's local database. If they do not confirm, they continue to access the application offline.
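The shared-device behavior described above can be modeled to see which sequences of use expose one user's offline data to another. The following is an added example, not IBM code: the Session fields, function names, and sample sessions are hypothetical, and it assumes that any biometric enrolled on the device unlocks the local data store.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Session:
    operator: str                # person who passed the device biometric prompt
    server_auth: bool            # True if SSO with the server succeeded (online)
    accept_switch: bool = False  # answer to the switch-user prompt, asked only online

def store_owner(last_owner: Optional[str], s: Session) -> Optional[str]:
    """Return the owner of the local data store that this session opens."""
    if last_owner is None:
        # The first login requires connectivity; without it no store exists yet.
        return s.operator if s.server_auth else None
    if s.server_auth and s.operator != last_owner and s.accept_switch:
        return s.operator        # switched to the current user's own store
    return last_owner            # offline, same user, or switch declined

def cross_user_access(sessions: List[Session]) -> List[Tuple[int, str, str]]:
    """List (index, operator, store owner) for sessions that open another user's store."""
    owner: Optional[str] = None
    findings = []
    for i, s in enumerate(sessions):
        owner = store_owner(owner, s)
        if owner is not None and owner != s.operator:
            findings.append((i, s.operator, owner))
    return findings

# Constructed sample: two technicians sharing one device.
SAMPLE = [
    Session("alice", server_auth=True),                    # initial online login
    Session("bob", server_auth=False),                     # offline: opens alice's store
    Session("bob", server_auth=True),                      # online, declines the switch
    Session("bob", server_auth=True, accept_switch=True),  # online, switches to own store
    Session("bob", server_auth=False),                     # offline: own store
    Session("alice", server_auth=False),                   # offline: opens bob's store
]

if __name__ == "__main__":
    for i, who, owner in cross_user_access(SAMPLE):
        print(f"session {i}: {who} is working in {owner}'s local data store")
```

The last sample session shows that the exposure runs in both directions: after the second user switches, the first user who returns offline opens the second user's store.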
For information about Maximo Mobile security, see Securing.
Online and offline operations
When mobile users are online, Maximo Mobile apps interact with Maximo Manage and exchange data that is represented in JSON format. In Maximo Manage, requests are processed by an OSLC service provider, and a response is returned.
The data that is retrieved from Maximo Manage is automatically saved to the local data store on the device. The availability of locally stored data makes online data operations more efficient, and users can continue to work when a planned or unexpected disconnection occurs. While users are online, local data is automatically synchronized to maintain consistency with Maximo Manage. Users can also manually synchronize data.
- The device is in airplane mode.
- The network adapter of the device is disabled.
- Network bandwidth is low.
- Maximo Manage is not reachable by the mobile device.
- The login session expires.
Some applications, like Assist and Parts Identifier, require the user to be online.