Skip to Main Content
IBM Sustainability Software - Ideas Portal


This portal is to open public enhancement requests against the products and services belonging to IBM Sustainability Software. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Created by Guest
Created on Aug 23, 2022

Create E-Mail Listener integration ability using OAuth that does not require a refresh token

Since Microsoft has declared the legacy Exchange integration capability out of support everyone was forced to move to OAuth technology. Within Maximo IBM has provided a new ability to support this OAuth connection protocol within the E-Mail Listener Process. This OAuth protocol replaces POP3S and IMAPS. The new OAuth protocol however forces to be configured using a Refresh Token mechanism. As explained by Microsoft on the below pages, this refresh token mechanism requires regular maintenance every 90 days due to expiring refresh tokens. Within every 3 months a new token needs to be generated and this new token needs to be configured in the E-Mail Listener configuration within Maximo. Microsoft describes that the lifetime expiration cannot be influenced/configured. More info: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#token-lifetime-policies-for-refresh-tokens-and-session-tokens This setup is not desired as the E-mail Listener is a key component/feature within our Service Desk processes for the services delivered to our customers. The risk of having a breakdown in the e-mail llistener process is not desired. This could result in SLA breaches and even in penalty's if contract obligations are not being met. Therefore it is not desired to introduce additional maintenance to keep this E-Mail Listener process running. We truly wonder why IBM implemented a solution using a refresh token as this requires the administrators to generate new tokens every 90 months and requires a mail listener configuration update. The need of refreshing the token and updating the configuration introduces an additional maintenance task that we did not have before. Besides it is an additional business risk which is not acceptable in our point of view. There are additional possibilities of setting up OAuth integrations that do not require a refresh token. You could use a more standardized mechanism that uses username/password as well. This allows for easier maintenance and less frequent password updates. Consider the potential business risk and the additional maintenance costs this mechanism introduces that we did not have before with the old Exchange connections.
Idea priority Urgent
Needed By Month
  • Guest
    Reply
    |
    Oct 9, 2023

    Closing this request as "Delivered" without making a change to how Maixmo maintains a refresh token doesn't qualify as "Delivered". Just because Microsoft doesn't support adjusting the timeout expiration doesn't mean that IBM can't adjust how Maxiom maintains the refresh token. Please make an adjustment to Maximo so that it can self-maintain the refresh token the way other applications do. Many other applications would request a new token every time they connect and update their listener to use that new token automatically the next time it connects. A similar solution inside of Maximo would prevent human intervention every 90 days, allowing the IT team maintenance to fall within their own Password policy instead of a 90-day MS policy.