<div style="display:inline;"> <img height="1" width="1" style="border-style:none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/1066880148/?value=0&amp;label=4oTQCMyJzwQQlJnd_AM&amp;guid=ON&amp;script=0">
Scott Peluso

By: Scott Peluso on March 24th, 2014

Print/Save as PDF

Authentication Options for Maximo

Maximo | Security | Authentication

Maximo_Security_ResizeWhether you are tasked with protecting customer services, corporate and customer data, or day-to-day operations, ensuring that employees in your organization have the appropriate access level is a large part of your overall company security strategy.

This blog post comes from one of Interloc's Senior Technical Consultants, Jeremy Rempel.  In it, Jeremy discusses the various options that are available for Maximo authentication. 

Authentication Options

When it comes to authenticating access, you have four different options.  Read on to find out which option makes the most sense for you and your business.

Maximo Authentication

Maximo internal authentication is the default option and has all users' information – such as logins and passwords – stored in the database. When a user accesses Maximo, they will be presented with a login form. If a user forgets their password, a Maximo systen administrator will need to reset it. New users and their authorization are manually managed by a Maximo system administrator.

Active Directory Authentication

Using this option, Maximo still presents the same login form as in the Maximo Authentication option; however, when users type their username, password they will be delegated to the Application Server and authenticated against an Active Directory Server. WebSphere allows authentication against multiple directories. For example, if you have different company divisions or external contractors logging in, you may have multiple Active Directory installs. Since network passwords are being sent in cleartext over the network, TLS/HTTPS is recommended.

Users and groups can be either manually maintained by a Maximo system administrator or automatically synchronized using the VMMSYNC or LDAPSYNC cron tasks.

Single Sign On (SSO)

A third option is Kerberos SSO. When a user is logged into the Intranet and accesses Maximo they can skip the login screen and login to Maximo directly using their credentials they logged into their desktop as. SSO is supported all major browsers (Internet Explorer, Chrome, Firefox). SSO is more secure than the form based login approaches above because no passwords are being sent over the network.

Like Active Directory Authentication, the users and groups can be maintained by a Maximo system administrator or synchronized using VMMSYNC or LDAPSYNC cron tasks.

Trust Association Interceptor (TAI)

Trust Association Interceptors are a WebSphere specific option that allows writing a custom Java class to authenticate users. TAI can be used for complex authentication scenarios, such as when a user is authenticated by a 3rd party (ie., a portal) and doesn’t want to login again to access Maximo. Since the TAI involves custom Java code, virtually any scenario can be supported.

And there you have it.  Four ways to keep your data safe and your business secure. Questions?  Feel free to contact Interloc


About Scott Peluso

Scott Peluso is Vice President, Customer Support & Cloud Services for Interloc. With a focus on client success, he oversees Product Support, Managed Services, and Hosting operations to Interloc’s clients. Scott also leads Interloc’s cloud infrastructure, internal IT services, and product Marketing. Scott has worked with Maximo Asset Management for over 27 years, first starting as a Maximo Systems Support analyst at PSDI. Throughout his career, Scott has supported thousands of clients implementing Maximo. Prior to joining Interloc, Scott was the Business Unit Executive for IBM’s Internet of Things division leading all Support delivery for the Maximo, Rational, and TRIRIGA portfolios.