User creation, authentication, and synchronization
You add and authenticate users in Maximo® Application Suite. Then, if users have entitlement to Maximo Manage, their user data is synchronized to Maximo Manage. Data to be synchronized can be customized to include or exclude fields.
User creation and authentication
Users are added and authenticated in the administrative console of Maximo Application Suite. Authentication validates the user by verifying the supplied credentials.
Users can be added and authenticated in the Maximo Application Suite in several ways. Refer to the related links for more information about adding and authenticating users.
Synchronization to Maximo Manage
Users who have an entitlement to Maximo Manage are synchronized from Maximo Application Suite to Maximo Manage by an agent process that continuously queries the user registry in Maximo Application Suite. Users who have a PENDING or DELETE_PENDING status are synchronized to Maximo Manage. The synchronization status for a user who is synchronized successfully is SUCCESS. The synchronization status for a user who fails to be synchronized is ERROR. You can view status information in the administrative console of Maximo Application Suite or in the output logs.
Synchronized user data is processed as a series of messages by an enterprise service of the integration framework in Maximo Manage.
Synchronized users are listed in the Users application. Users who are updated to be deleted or to have no access entitlement in Maximo Application Suite are made inactive in Maximo Manage, but they are not deleted.
When a user's data is synchronized from Maximo Application Suite to Maximo Manage, if the user has a phone type or an email type that does not exist in Maximo Manage, the phone type or email type is automatically added to the PHONETYPE or EMAILTYPE domain, respectively. If the phone type or email type already exists, the types are not added.
Attributes | Manage object and attribute | Type | Length | Values that are allowed |
---|---|---|---|---|
_id | USER.LOGINID | ALN | 100 | |
username | USER.USERID, PERSON.PERSONID | UPPER | 100 | |
displayName | PERSON.DISPLAYNAME | ALN | 82 | |
familyName | PERSON.LASTNAME | ALN | 30 | |
givenName | PERSON.FIRSTNAME | ALN | 50 | |
title | PERSON.TITLE | ALN | 30 | |
issuer | PERSON.MASISSUER | ALN | 20 | local, ldap, saml |
preferences.locale.language | PERSON.LOCALE | ALN | 10 | |
preferences.timezone | PERSON.TIMEZONE | ALN | 33 | |
email.value | EMAIL.EMAILADDRESS | ALN | 100 | |
email.type | EMAIL.TYPE | UPPER | 10 | HOME,WORK |
email.primary | EMAIL.ISPRIMARY | BOOLEAN | 1 | |
phoneNumbers.value | PHONE.PHONENUM | ALN | 20 | |
phoneNumbers.type | PHONE.TYPE | UPPER | 10 | HOME,MOBILE,WORK |
phoneNumbers.primary | PHONE.ISPRIMARY | BOOLEAN | 1 | |
address.streetAddress | PERSON.ADDRESSLINE1 + PERSON.ADDRESSLINE2 + PERSON.ADDRESSLINE3 | ALN | 169 | |
address.locality | PERSON.CITY | ALN | 36 | |
address.region | PERSON.STATEPROVINCE | ALN | 36 | |
address.country | PERSON.COUNTRY | ALN | 36 | |
address.postalCode | PERSON.POSTALCODE | ALN | 12 | |
entitlement.application | MAXDOMAIN | ALN | 25 |
Attributes | Manage attribute and object | Type | Length |
---|---|---|---|
id | MAXGROUP.GROUPNAME | ALN | 30 |
members | GROUPUSER.USERID | ALN | 30 |
displayName | MAXGROUP.DESCRIPTION | ALN | 200 |
Customization of inbound data
You can customize the data that is synchronized for users in several ways. For example, you can specify more user data, such as security group and information about employee ID and cost center. Synchronization of inbound user data is handled by an enterprise service of the integration framework in Maximo Manage. Sample inbound integration messages from Maximo Application Suite are shown in the masuser.json file and the masgroup.json file.
You can customize messages by supplying additional values to the extensions attributes that are not part of the default mapping of a message. The sample file masuser-mapped.json shows the result in the Maximo Manage object structures after the masuser.json file is mapped by using the supplied user exit. You can use this file to understand how to further customize the mapping.
- Create a Java™ user exit. Use the output of the default mapping, such as masuser-mapped.json, as the input.
- Create an automation script that acts on the user exit. Use the output of the default mapping, such as masuser-mapped.json, as the input.
- Create a JSON map. Use the output of the default mapping, such as masuser-mapped.json, as the input.
- Create a JSON map to replace the provided default mapping by replacing the psdi.iface.migexits.MASUserMapperExit user exit class with the com.ibm.tivoli.maximo.fdmbo.JSONMapperExit standard user exit. Input is the user object that is synchronized from Maximo Application Suite, for example, masuser.json.