Introduction
Throughout my career, I have developed multiple integrations between financial systems and Maximo, that involve financial and purchasing objects that include Purchase Requisitions, Purchase Orders, Receipts, GL Transactions, Person, and more.
With the introduction of Maximo Application Suite (MAS), user management is no longer handled in Manage and is now maintained within MAS. This shift presents new challenges and opportunities for integrating users seamlessly.
User Integration Approaches
Once a person record is created in Manage, several approaches can be used to integrate users. The following options are available:
1. Manual User Creation – Create the user manually in MAS, setting the user ID as personid.
2. Integration via Financial System – Utilize MAS APIs, as outlined in IBM’s Maximo Application Suite Admin APIs 8.11.x - IBM API Hub - IBM Developer documentation.
3. Automation Script & MASUSERSYNC – Implement an automation script to create the user record in Manage and trigger MASUSERSYNC.
4. Internal API Integration – Use the internal API (../v2/bulk/users/upsert) to create or update users in MAS directly from Manage.
Evaluation of Integration Approaches
I have configured and tested all four solutions, with the following findings:
- Option 1 (Manual Entry): Not suitable for some business requirements due to the need for manual data entry.
- Option 2 (Financial System Integration): Requires modifications to the financial system, which organization may not be willing to implement. The integration follows a two-step process:
- Obtaining a temporary access token using an API key via a REST API request.
- Option 3 (MASUSERSYNC Automation): Presented challenges:
- MASUSERSYNC attempts to synchronize all users each time it runs.
2. After execution, MASUSERSYNC disables itself.
3. The cron task instance does not allow specifying the access type or application entitlement, requiring additional manual data entry in MAS.
Given these limitations, this document focuses on Option 4: Using the Internal API for seamless user synchronization.
Implementing the Internal API Solution
Process Overview
The financial system sends person records to Manage, which uses the provided data to create the Person and Labor records. However, not every person requires a Manage user account.
To address this, I introduced a new action menu in the People application called “Create or Update MAS User.” This action allows users to create the MAS user only when needed.
📸 Screenshot: “Create or Update MAS User” new action menu
When selected, a dialog box prompts for the access type and entitlement, which are required for MAS to create the user. These values are crucial, as they determine the number of AppPoints allocated to the user.
📸 Screenshot: Create or Update MAS User dialog box
To simplify data entry, I created domains for these fields:
- Access Type: Concurrent, Authorized
📸 Screenshot: Access Type values
- Entitlement: NONE, SELF_SERVICE, LIMITED, BASE, PREMIUM
📸 Screenshot: Entitlement values
Automation Script & JSON Payload
When the OK button is clicked, an automation script runs to collect data from the Person record and the dialog box, creating a JSON message for the API request.
Since this client uses SAML authentication, no password is required. Below is the JSON structure and its mappings:
JSON Payload Mapping
(A more detailed JSON mapping table is included in the full implementation. An appendix is included at the end of this blog for more detail on JSON mapping.)
To construct the JSON object, I used the JSONObject and JSONArray classes from com.ibm.json.java, along with other essential libraries:
- com.ibm.json.java.JSONObject
- com.ibm.json.java.JSONArray
- psdi.mbo.Translate
- psdi.app.lictrack.MaxLicenseUtils
- psdi.iface.mos.ConversionUtil
Calling the MAS Internal API
Once the json object is created, the script invokes the MAS Internal API. The internal API url is
- internalapi.<mas-instance-id>.svc/v2/bulk/users/upsert
📌 API Request Configuration:
Final Outcome
Once MAS receives the JSON payload, it automatically creates or updates the MAS user and syncs it with Manage.
✅ No need to manually update users in MAS Administration Suite
✅ User accounts are synchronized seamlessly
✅ Only required users are created in MAS
📌 The final step is to assign the appropriate Manage user groups.
🎉 And that’s it! The user is successfully created in both MAS and Manage!
Conclusion
By leveraging the Internal API, we streamlined user synchronization without requiring financial system modifications or manual intervention. This approach ensures efficient user management while aligning with MAS best practices.
If you're considering similar integrations, I highly recommend this method for its flexibility and automation capabilities.
💡 Have questions or feedback? Feel free to reach out!