Automating Refresh Token Updates for Maximo Email Listeners

In the world of Maximo administration, it’s often the small, recurring tasks that become the most frustrating. One of those tasks? Manually updating refresh tokens for Maximo’s email listener configuration—a tedious and time-sensitive chore that returns every 90 days like clockwork. 

At MRM-EAM, one of our consultants recently developed an internal configuration to automate this process, simplifying token updates and removing the risk of email processing failures. While it wasn’t a formal project, this internal enhancement has already delivered real value for both our team and our clients. 

The Problem: Manual Token Management 

Many Maximo environments are configured with email listeners that convert incoming emails into service requests or other transactions. In recent years these listeners require authentication, typically handled through OAuth tokens. Unfortunately, these refresh tokens expire periodically—every 30, 60, 90 days, or even annually—depending on organizational security policies. 

Before this enhancement, refreshing these tokens was a manual process involving several steps: 

• Authenticating through a URL and retrieving an authorization code. 

• Posting that code through a secure tool like Postman to receive a JSON response. 

• Extracting the new token from the response. 

• Deactivating the listener, updating the token, and reactivating the listener in Maximo. 

Multiply that process by the number of listeners (sometimes six or more per environment), and the burden becomes clear. For one client, this took about an hour every quarter—and that’s if everything went smoothly. 

The Solution: A Smarter Configuration 

The new configuration we’ve implemented eliminates this recurring task by automating the refresh token update process. Two versions were developed: 

1. Semi-Automated Option: A simple button-driven interface where a user deactivates the listener, clicks a button to update the token, and then reactivates the listener. Quick and clean. 

2. Fully Automated Option: Leveraging Maximo’s Mange Escalations, a scheduled automation configured to run every 89 days (just before the 90-day expiry), retrieves the new token, and updates the listener configuration in the background—no manual intervention required. 

This automation ensures the email listener continues running without disruption, and without the need for calendar reminders, vacation coverage, or the worry of forgetting the process steps. 

Why This Matters 

Time Savings —> No more repeating the same steps every few months. Whether you’re managing one listener or a dozen across different environments, this saves hours over the course of a year. 

Reduced Risk of Downtime —> Forgotten token updates can lead to failures in processing incoming emails. By automating the process, we prevent avoidable service disruptions, especially important during high-volume periods or when key staff are unavailable. 

Enhanced Security —> Some automation scripts use the less-secure ROPC (Resource Owner Password Credentials) flow, which transmits passwords in API calls. Our approach avoids this entirely, ensuring no passwords are sent over the wire—even through HTTPS, greatly reducing the risk of interception or misuse. 

Seamless Implementation —> The update can be deployed with zero downtime. Maximo remains online, and the email services continue uninterrupted. When the job runs, the old token is still valid for a grace period, ensuring smooth transition to the new one. 

‍Who Can Benefit? 

Any Maximo implementation using email listeners with refresh tokens that expire can benefit from this configuration. While some environments may have non-expiring tokens, most organizations—particularly those with strict security policies—require periodic token refresh. Automating this makes life easier for administrators and improves system reliability. 

Long-Term Impact 

While this may seem like a minor enhancement, it removes a persistent operational pain point. Once implemented, it becomes a set-it-and-forget-it solution. As long as Microsoft’s token structure remains the same (and it has for years), this configuration will continue to do its job without further intervention. 

Even if Maximo is down during a scheduled refresh, the automation picks up where it left off when the system restarts. Emails received while Maximo is down are still queued and processed normally once the system is back—now with an updated refresh token. 

Final Thoughts 

This configuration is a great example of how small internal innovations can lead to major operational improvements. By turning a repetitive, manual process into a background automation, we’re reducing risk, saving time, and increasing reliability. 

If your team is still manually updating refresh tokens for Maximo email listeners, it might be time to rethink your approach. Automation like this doesn’t just streamline operations—it prevents headaches before they happen. 

Contact us at info@mrm-eam.com for more information regarding this configuration and experience from our certified employees.