Opqo 24.02.0 adds support for connecting to Maximo environments that are configured with SAML authentication.  This is enabled by setting the "Use SAML?" switch in the manual Maximo configuration in Opqo.

Note: This setting is not currently available in our customer console for use with configuration codes, however we are working to add this support.

This setting can be configured manually, via DNS auto-discovery and via QR Codes.

When SAML authentication is enabled, Opqo displays a login screen that allows the user to launch the SAML authentication process.  When this is launched, the user authenticates using a web view that follows the authentication flow provided by the SAML identity provider.  This includes any additional steps such as 2-Factor Authentication.

Note: This process is an online-only process, which means that Opqo users cannot login or reauthenticate when offline.

When SAML authentication is configured, Opqo does not receive the user's credentials or anything provided during the SAML login process.

When the SAML authentication flow is completed, Opqo uses the LTPA token provided by the Maximo environment to connect to Maximo, and the user continues to work in Opqo as usual.

Token Renewal

When SAML authentication is configured, session expiry is governed by the Maximo session expiry (which expires the LTPA token) and the SAML identify provider session expiry.

For the Opqo user, the behaviour is as follows:

  1. When the Maximo session expires, Opqo is unable to connect to Maximo and will automatically attempt to renew the LTPA token with the SAML identity provider.  This requires the device to be online, and occurs in the background, with no user intervention.
  2. If the SAML identity provider allows the token to be automatically renewed, Opqo connects to Maximo with the renewed token automatically.  This is governed by the SAML session expiry.
  3. If the SAML identify provider does not renew the token and requires the user to re-authenticate, Opqo will display a screen to the user prompting them to launch the SAML authentication flow.  This is performed via a web view, the same as the initial SAML login.  When the user successfully completes the SAML authentication flow, they are returned to Opqo in the same place they were prior to the reauthentication occurring.

Please do not hesitate to contact us or create a support ticket if you have questions or require our assistance.