IBM Support

Manage 8: Security Control Dialog - Password Expiration and Access Attempts .

Question & Answer


Question

Understanding Password Management and Access Control in Manage 8

Manage 8 relies on external directory services like Microsoft Active Directory (AD) or LDAP for user authentication and authorization. These external directories handle password expiration policies and access attempt limitations.

Security Benefits of Leveraging External Directories

Centralized Management: Password policies and access control settings are managed in one place, simplifying administration and ensuring consistency across all applications that integrate with the directory.
Improved Security: External directories often offer more granular control and stronger encryption for password policies compared to what might be available within Manage 8 itself.
Reduced Risk of Errors: Eliminates the need to maintain separate password policies within Manage 8, reducing the risk of inconsistencies and misconfigurations.

How to Manage Password Expiration and Access Attempts

Microsoft Active Directory: Use the Active Directory Users and Computers console or Group Policy to configure password expiration policies and account lockout settings for failed login attempts.
LDAP Directory: The specific method for managing password policies and access attempts will vary depending on your chosen LDAP server. Refer to the documentation for your specific LDAP implementation.

Benefits of Utilizing External Directories

By leveraging external directories for password management and access control, Manage 8 can focus on its core functionalities of asset lifecycle management and work order management, while relying on the expertise of dedicated directory services for secure user authentication.

Additional Considerations

Manage 8 may display information regarding password expiration retrieved from the directory service.
If you have specific requirements for password management or access control beyond the capabilities of your current directory service, consult your directory service provider or explore integrating with a more robust identity and access management (IAM) solution.

Answer

Conclusion

In MAS + Manage, as default, user information are in mongo database. User information is sync between MAS core and Manage. Unfortunately, This functionalities "Password expiration and access attemps" were not implemented in Manage 8, as used in Maximo 76x. This is a known issue to Development team and it has been addressed in road map meetings for future implementation. As well as other features, reported by customers, that were not initially implemented in MAS. The solution for Login control will be delivered in Manage 9.0, due late June.

While password expiration and access attempt settings are not directly configurable within the Manage 8 security control dialog, leveraging external directory services provides a more secure and centralized approach to user authentication and authorization. If you have further questions or require assistance configuring password policies within your directory service, consult your IT team or the directory service documentation.

[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m0z000000cvcNAAQ","label":"Security"}],"ARM Case Number":"TS015921854","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
06 May 2024

UID

ibm17150268

Page Feedback