User creation, authentication, and synchronization

You add and authenticate users in Maximo® Application Suite. Then, if users have entitlement to Maximo Manage, their user data is synchronized to Maximo Manage. Data to be synchronized can be customized to include or exclude fields.

User creation and authentication

Users are added and authenticated in the administrative console of Maximo Application Suite. Authentication validates the user by verifying the supplied credentials.

Users can be added and authenticated in the Maximo Application Suite in several ways. Refer to the related links for more information about adding and authenticating users.

Synchronization to Maximo Manage

Users who have an entitlement to Maximo Manage are synchronized from Maximo Application Suite to Maximo Manage by an agent process that continuously queries the user registry in Maximo Application Suite. Users who have a PENDING or DELETE_PENDING status are synchronized to Maximo Manage. The synchronization status for a user who is synchronized successfully is SUCCESS. The synchronization status for a user who fails to be synchronized is ERROR. You can view status information in the administrative console of Maximo Application Suite or in the output logs.

Synchronized user data is processed as a series of messages by an enterprise service of the integration framework in Maximo Manage.

Synchronized users are listed in the Users application. Users who are updated to be deleted or to have no access entitlement in Maximo Application Suite are made inactive in Maximo Manage, but they are not deleted.

When a user's data is synchronized from Maximo Application Suite to Maximo Manage, if the user has a phone type or an email type that does not exist in Maximo Manage, the phone type or email type is automatically added to the PHONETYPE or EMAILTYPE domain, respectively. If the phone type or email type already exists, the types are not added.

Because the length and type of the Maximo Application Suite user IDs do not match the length and type of user IDs in Maximo Manage, errors might occur when you create new users. Configuration of user lengths and types should be performed in Maximo Application Suite and then propagated to Maximo Manage. The following tables provide information about the length and type of Maximo Application Suite user ID fields.
Table 1. User Synchronization
Attributes Manage object and attribute Type Length Values that are allowed
_id USER.LOGINID ALN 100  
username USER.USERID, PERSON.PERSONID UPPER 100  
displayName PERSON.DISPLAYNAME ALN 82  
familyName PERSON.LASTNAME ALN 30  
givenName PERSON.FIRSTNAME ALN 50  
title PERSON.TITLE ALN 30  
issuer PERSON.MASISSUER ALN 20 local, ldap, saml
preferences.locale.language PERSON.LOCALE ALN 10  
preferences.timezone PERSON.TIMEZONE ALN 33  
email.value EMAIL.EMAILADDRESS ALN 100  
email.type EMAIL.TYPE UPPER 10 HOME,WORK
email.primary EMAIL.ISPRIMARY BOOLEAN 1  
phoneNumbers.value PHONE.PHONENUM ALN 20  
phoneNumbers.type PHONE.TYPE UPPER 10 HOME,MOBILE,WORK
phoneNumbers.primary PHONE.ISPRIMARY BOOLEAN 1  
address.streetAddress PERSON.ADDRESSLINE1 + PERSON.ADDRESSLINE2 + PERSON.ADDRESSLINE3 ALN 169  
address.locality PERSON.CITY ALN 36  
address.region PERSON.STATEPROVINCE ALN 36  
address.country PERSON.COUNTRY ALN 36  
address.postalCode PERSON.POSTALCODE ALN 12  
entitlement.application MAXDOMAIN ALN 25  
Table 2. Group Synchronization
Attributes Manage attribute and object Type Length
id MAXGROUP.GROUPNAME ALN 30
members GROUPUSER.USERID ALN 30
displayName MAXGROUP.DESCRIPTION ALN 200

Customization of inbound data

You can customize the data that is synchronized for users in several ways. For example, you can specify more user data, such as security group and information about employee ID and cost center. Synchronization of inbound user data is handled by an enterprise service of the integration framework in Maximo Manage. Sample inbound integration messages from Maximo Application Suite are shown in the masuser.json file and the masgroup.json file.

You can customize messages by supplying additional values to the extensions attributes that are not part of the default mapping of a message. The sample file masuser-mapped.json shows the result in the Maximo Manage object structures after the masuser.json file is mapped by using the supplied user exit. You can use this file to understand how to further customize the mapping.

Experienced administrators whose expertise includes the integration framework and customization can customize mapping in the following ways:
  • Create a Java™ user exit. Use the output of the default mapping, such as masuser-mapped.json, as the input.
  • Create an automation script that acts on the user exit. Use the output of the default mapping, such as masuser-mapped.json, as the input.
  • Create a JSON map. Use the output of the default mapping, such as masuser-mapped.json, as the input.
  • Create a JSON map to replace the provided default mapping by replacing the psdi.iface.migexits.MASUserMapperExit user exit class with the com.ibm.tivoli.maximo.fdmbo.JSONMapperExit standard user exit. Input is the user object that is synchronized from Maximo Application Suite, for example, masuser.json.