Overview
Tutorials are designed to offer a guide to complete common objectives, while also acknowledging that individual developers need to respond to individual needs of their own solutions. Tutorial frameworks provide blueprints for these solutions and should be adapted to fit individual needs.
Analytics with Birst
API Gateway
Application Development with Mongoose
Artificial Intelligence
Data Fabric
Digitical Assistant
Document Management
Integration with ION
Robotic Process Automation
Add description here
Security & User Management
Add description here
What made this section unhelpful for you?
On this page
- Overview
Analytics with Birst
On this page
- Analytics with Birst
API Gateway
API Gateway is a software system for brokering requests from API consumers, such as web and mobile applications, and API providers, such as Infor enterprise or third-party services. As a broker sits between consumers and providers (technically it is a reverse proxy), it can provide many benefits to both consumers and providers.
On this page
- API Gateway
Application Development with Mongoose
Go beyond basic fit and customize your cloud experience with extensibility tools that leverage no-code, low-code, and full-code frameworks.
On this page
- Application Development with Mongoose
Artificial Intelligence
Use Machine Learning to build an AI into your business processes.
On this page
- Artificial Intelligence
Analytics & Reporting in CloudSuite Service Industries
What made this section unhelpful for you?
On this page
- Analytics & Reporting in CloudSuite Service Industries
Analytics & Reporting in M3 Cloudsuites
What made this section unhelpful for you?
On this page
- Analytics & Reporting in M3 Cloudsuites
Backend as a Service (BaaS)
What made this section unhelpful for you?
On this page
- Backend as a Service (BaaS)
Data Fabric
Manage data on the platform so that humans and systems can securely access information from anywhere.
On this page
- Data Fabric
Digital Assistant
Streamline the user experience with a digital assistant that helps your employees navigate and access information by voice or chat.
On this page
- Digital Assistant
Document Management
Leverage Infor's central document repository to manage your enterprise document in the cloud.
On this page
- Document Management
Governance, Risk and Compliance
What made this section unhelpful for you?
On this page
- Governance, Risk and Compliance
Integration with ION
Create a unified application topology using the integration hub in the Infor Platform.
On this page
- Integration with ION
Portal and Workspaces
On this page
- Portal and Workspaces
Robotic Process Automation
RPA automates repetitive tasks and empowers your team to focus on what they do best.
On this page
- Robotic Process Automation
Security & User Management
Tutorials that help you leverage Infor's cloud security and user management capabilities.
Infor Cloud Identity & Access Management is where Infor User Management and access will be handled by IFS (Infor Federation Service) along with the Infor Federated Hub for the Authentication and Authorization of User Account Management. This component of the Infor Platform is utilized by those accessing the Infor Cloud from a browser based app, mobile app, or API.
An Overview of how Infor Federated Services (IFS) facilitates the management of users and permissions.
Key Concepts & Definitions
Identity and Access Management (IAM) | Access management is the process of managing a user’s login and access across a wide range of applications, systems, and resources belonging to an organization. IAM services authorize user access to protected resources, but delegate the authorization decisions to the applications’ owners. |
Identity Provider (IdP) | A system that validates the identity of a user in a federated system. The service provider (or SP; see below) uses the IdP to get the identity of the current user. |
Service Provider (SP) | A system that provides a generic service to the user in a federated system. To users, a service provider is the same thing as the application they are trying to use. |
Federation | An agreement ( trust ) between identity providers and service providers that allows for the sharing of information. It lets users of a service sign on to said service through one single identity provider. Also known as federated identity management, this is a technical implementation that enables identity information to be developed and shared among several entities and across trust domains. |
Security Assertion Markup Language (SAML) | SAML is an industry standard XML-based framework for communicating user authentication and attribute information. The SAML 2.0 protocol standard is leveraged by Infor applications |
Single Sign On (SSO) | A service model in which users log into one single platform that gives them automatic log-in access to multiple applications for a certain period of time. Users using this system only have to remember one set of credentials, as opposed to learning a new password for each application. |
Single Log Out (SLO) | Enables a user to log out of all participating sites in a created session. The party that authenticated the user handles all logout requests and responses for participating sites. |
Identity Stores | User information stored across a variety of technologies, including databases, LDAP, Active Directory, etc. |
User Provisioning | A set of technologies that create, modify, and de-activate user accounts and their profiles across IT infrastructure and business applications. |
System for Cross-domain Identity Management (SCIM) | SCIM is a standard for automating the exchange of user identity information between identity domains, or IT systems. SCIM communicates user identity data between identity providers and service providers requiring user identity information. |
Just In Time (JIT) | Process where a user account can be created on demand after successful authentication occurs. |
Authentication | Authentication is the process of validating an identity, whether it be the identity of a user or, as in the Identity of Things, a device. The classic method of validation is the username/password combination. Authentication ensures that the individual is who he/she claims to be. |
Authorization | The process of determining if a user has the right to access a service or perform an action or the process of giving individuals access to system objects based on their identity. |
Component Parts
Single Sign On (SSO) Overview
User authentication process that authenticates the user for all the applications they have been given rights to and eliminates further password prompts.
Authentication and SSO details
- Infor OS in the cloud leverages Infor Security Token Service (InforSTS) as the identity provider used for authentication.
- Infor Federation Services (IFS) is the identity store, users requiring access to Infor OS Cloud must have a cloud identity account.
- InforSTS is a SAML 2.0 complaint identity provider.
- Infor applications existing in the Infor Multi Tenant cloud will be integrated with the Portal Federation Hub in order to achieve SSO. The Portal Federation Hub is the interface designed to allow authentication flows between applications and InforSTS. Once a user authenticates to the Infor Cloud portal they will have access to all other applications without being challenged for credentials due to the token supplied by the Portal Federation Hub to the user browser session.
- Infor Cloud is SP initiated SSO, user accesses the Infor Cloud portal and is redirected to the identity provider if authentication is required.
SSO Options
- Infor OS Cloud can be federated with other identity providers to allow for authentication and SSO from other sources, typically this would be done to grant customer accounts access to the Infor OS Cloud portal and eliminate the need to create and maintain cloud identity accounts for users.
- Federations can be created with any SAML 2.0 capable identity provider.
- Infor OS Cloud now supports Open ID Connect which relies on the OAuth 2.0 protocol for federations.
- Federating with identity providers provides flexibility for customers on the identity providers used and the identity stores used by those identity providers.
- ADFS SAML Federation with Infor CloudSuite
- Azure AD SAML Federation with Infor CloudSuite
- Azure AD OIDC Federation with Infor CloudSuite
- Google G-Suite SAML Federation with Infor CloudSuite
- Okta SAML Federation with Infor CloudSuite
- Okta OIDC Federation with Infor CloudSuite
Authorization and IFS Overview
- After authentication occurs access to the Infor OS portal requires authorization. This is handled by Infor Federation Services (IFS), this is Infor’s user management application.
- In order to be authorized a user must have an account within IFS.
- In order to access applications a user must have security roles assigned to their account. These security roles are defined by application and functions within the applications that exist within the Infor OS portal.
- Some applications rely solely on IFS for security purposes and some Cloudsuites have their own security in addition to IFS security roles. In order for a user to access these applications they would require the correct IFS security roles for the application and would need to have an account within the specific application in order to gain access and run features and functions.
- Access to the Infor OS portal requires authentication and authorization, both have equal importance when it comes to application security.
User Provisioning – Cloud
- Infor OS Cloud does not have the ability to bind to an Active Directory like the on-premise version.
- Users can be manually created within the IFS user management application. When a user is created, they will be sent an email asking them to verify their account and to create a password for that account.
- Other user provisioning options are manual import of user information from a CSV or XML file.
- SCIM can be used to publish or get user information between a SCIM capable application and Infor OS Cloud. Infor OS is SCIM 1.1 and 2.0 compliant. Infor OS Cloud has SCIM service only capability.
- If Infor OS Cloud is federated with another identity provider, then the requirement to have a user verify their account and create a password is not needed. The option to generate the verification email when users are added to IFS can be turned off.
- If Infor OS Cloud is federated with another identity provider, then there is an option to use Just In Time (JIT) to have user accounts created on demand.
- Users can also be provisioned to IFS via a Security User Master ( SUM ) BOD (Business Object document) generated from another application that has a user repository and supports BODs. Infor GHR is an example of a cloud application that generates a SUM BOD that IFS can consume for user provisioning purposes.
Authentication and Provisioning Flow
The Authentication and Provisioning flow diagram illustrates the configuration and flow of the Federation (Authentication) and User Provisioning (Authorization) to a Identity Provider using SCIM for user provisioning automation and maintenance.
SCIM User and Security Role Flow
The SCIM User and Security Role flow diagram illustrates how SCIM groups are used to assign security roles to IFS users using the Azure AD identity provider SCIM interface.
GHR CSV Integration Diagram
The GHR CSV Integration Diagram illustrates how user provisioning can be automated from the GHR application source of record to a customers corporate HR application system using a CSV file format.
GHR API Integration Diagram
The GHR API Integration Diagram illustrates how user provisioning can be automated from the GHR application source of record to a customers corporate HR application system using a API call.
Want to learn more?
Quick Reference
There is a lot to learn in the Infor Platform. A quick reference sheet is always helpful. Check out the IFS IAM User Management Cheat Sheet.
Topical videos
Need information on a specific feature, function, or a quick overview? Then short videos may be just what you are looking for. Check out our playlist on YouTube.
Written Guides
Product documentation is the go-to reference for how specific parts of the product work. For online, searchable, easy to understand docs see this component’s documentation:
Community
Collaborating with others in your industry is a great way to learn and help others. Start participating in this component’s online community today!
Courses
Infor U Campus offers learning tracks that combine video-based and instructor-led teaching. If you are an Infor customer, check out courses on Campus. We recommend the following courses specifically for this component:
What made this section unhelpful for you?
On this page
- Security & User Management
Cloud Portal SAML Federation with AzureAD Identity Provider
Business Problem
Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Microsoft's AzureAD Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.
Components
Requirements
- Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the AzureAD Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the SAML 2.0 protocol aligns seamlessly with the AzureAD Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the AzureAD identity provider's SCIM capabilities.
IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and Micosoft's AzureAD Identity Provider.
Business Objective
- Enhanced Security: Strengthening authentication mechanisms through SAML Federation with the AzureAD Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging AzureAD's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities. 2. Improved User Experience: Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management: The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.
Interested in setting up Single Sign-On (SSO) using SAML with AzureAD within Infor Federation Services and seeking guidance on the process:
In this video, we'll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the AzureAD Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using AzureAD's authentication.
https://youtu.be/3GEwMStAkeM?si=T1H_bglhixBPDq9G
You are now equipped to configure authentication and establish federation between the Cloud Portal and Microsoft's AzureAD Identity provider (IdP).
Resources
Cloud Portal to AzureAD Identity Provider setup through a Federated Connection:
Help Documents on configuring the Azure AD SAML Federation with Infor CloudSuite
- Prerequisites and basic parameters * Downloading the Infor CloudSuite Metadata * Adding Infor CloudSuite to Azure AD * Adding Azure AD configuration to Infor CloudSuite * Azure AD user and group provisioning to Infor CloudSuite * Enabling Azure AD as IDP in Infor CloudSuite * Testing
Azure AD OIDC Federation with Infor CloudSuite
Help Documents on configuring the Azure AD OIDC Federation with Infor CloudSuite
- Prerequisites and basic parameters * Exporting the Infor CloudSuite Callback URL * Adding Infor CloudSuite to Azure AD * Adding Azure AD configuration to Infor CloudSuite * Enabling Azure AD as IDP in Infor CloudSuite * Testing
Other Federated Security Configurations
- SAML 2.0 * OpenID Connect * WS-Trust * Azure AD Active Mode * Applications that require electronic signatures call the Infor Cloud Federation Hub WS-Trust interface with the user supplied username and password. When Azure AD Active Mode is enabled, the Federation Hub validates the username and password against the REST API interface of Azure AD.
For additional Identity provider federations and User Provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal SAML Federation with AzureAD Identity Provider
Cloud Portal SAML Federation with ADFS Identity Provider
Business Problem
Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Microsoft's ADFS Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.
Components
Requirements
- Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Microsoft ADFS Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the SAML 2.0 protocol aligns seamlessly with ADFS Identity Provider federations. ADFS does not have the capability of supporting the SCIM (System for Cross-domain Identity Management) interface for user provisioning.
IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and the ADFS Identity Provider.
Business Objective
- Enhanced Security: Strengthening authentication mechanisms through SAML Federation with ADFS Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging ADFS's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities 2. Improved User Experience: Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management: The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.
Interested in setting up Single Sign-On (SSO) using SAML with ADFS within Infor Federation Services and seeking guidance on the process:
In this video, we'll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the ADFS Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using ADFS authentication.
https://www.youtube.com/watch?v=u64Cl29V82U
You are now equipped to configure authentication and establish federation between the Cloud Portal and the Microsoft ADFS Identity provider (IdP).
Resources
Help documents on configuring theADFS SAML Federation with Infor CloudSuite.
- Prerequisites and basic parameters * Adding ADFS configuration to Infor CloudSuite * Adding Infor CloudSuite to ADFS * Infor OS user provisioning to Infor CloudSuite * Enabling ADFS as IDP in Infor CloudSuite * Testing
Additional Federated Security Configurations:
For additional Identity provider federations and User Provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal SAML Federation with ADFS Identity Provider
Cloud Portal SAML Federation with Google Identity Provider
Business Problem
Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Google's Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.
Components
Requirements
- Access to an Infor Cloud Portal * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * Portal-ContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Google Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the SAML 2.0 protocol aligns seamlessly with Google Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the Google identity provider's SCIM capabilities.
IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and Google Identity Provider.
Business Objectives
- Enhanced Security : Strengthening authentication mechanisms through SAML Federation with Google Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging Google's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities 2. Improved User Experience : Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management : The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.
Interested in setting up Single Sign-On (SSO) using SAML with Google within Infor Federation Services and seeking guidance on the process:
In this video, we'll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the Google Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using Google authentication.
https://www.youtube.com/watch?v=ETgjcFvVNcs&list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL&index=2
You are now equipped to configure authentication and establish federation between the Cloud Portal and Google's Identity provider (IdP).
Resources
Help Documents on configuring theGoogle SAML Federation with Infor Cloud Portal
- Prerequisites and basic parameters * Exporting Infor CloudSuite Metadata * Adding Infor CloudSuite to Google G-Suite * Adding Google G-Suite configuration to Infor CloudSuite * Google G-Suite user provisioning to Infor CloudSuite * Enabling Google G-Suite as IDP in Infor CloudSuite * Testing
Other Federated Security Configurations
To explore additional Identity provider federations and SCIM user provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal SAML Federation with Google Identity Provider
Cloud Portal SAML Federation with Okta Identity Provider
What made this section unhelpful for you?
On this page
- Cloud Portal SAML Federation with Okta Identity Provider
Cloud Portal SAML Federation with OneLogin Identity Provider
What made this section unhelpful for you?
On this page
- Cloud Portal SAML Federation with OneLogin Identity Provider
Cloud Portal SCIM User Provisioning with AzureAD Identity Provider
Business Problem
Your organization is experiencing significant challenges in managing user identities and access permissions across the cloud applications. The manual processes currently in place are time-consuming, error-prone, and lack the scalability needed to support your growing user base and expanding range of applications. To address these issues, you need to streamline and automate user provisioning and de-provisioning processes while ensuring robust security and compliance standards.
Components
Requirements
- Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Implementing SCIM (System for Cross-domain Identity Management) user provisioning in the Infor Cloud Portal with Azure Active Directory (AzureAD) as the identity provider will automate the provisioning and de-provisioning of user accounts. This ensures seamless integration, as well as efficient and secure management of user identities.
Business Objective
- Automation and Efficiency: * Reduce Manual Effort: Automate user account management processes to minimize manual intervention and associated errors. * Accelerate Onboarding and Offboarding: Speed up the onboarding process for new employees and ensure timely de-provisioning of user accounts for departing employees. 2. Improved Security and Compliance: * Enhanced Access Control: Ensure that user access is consistently aligned with organizational policies and role-based access controls. * Compliance and Auditability: Maintain comprehensive audit trails and compliance with industry regulations through automated provisioning and de-provisioning processes. 3. Scalability: * Support Organizational Growth: Provide a scalable identity management solution that can accommodate an increasing number of users and applications. * Centralized Management: Simplify user identity and access management by centralizing it through AzureAD. 4. User Experience: * Consistent User Data: Ensure that user information is consistent across all applications and systems. * Streamlined Processes: Improve overall user experience by reducing delays and errors in account provisioning.
This video provides instructions on how to configure AzureAD SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.
Familiarize yourself with the Infor Security Federation page and the Microsoft Azure SCIM setup procedures.
https://www.youtube.com/watch?v=loJJVJ0DaQw
By following the instructions in the video, you should now be able to set up the SCIM connection between the Cloud Portal and Microsoft's AzureAD Identity provider (IdP).
Resources
Help documents on configuringAzure AD SCIM with Infor CloudSuite.
- SCIM Accounts * Adding a SCIM user identifier and password * Deleting a SCIM user identifier and password * SCIM Groups * Adding a security role to a SCIM group * Removing a security role from a SCIM group * Settings > General Settings * Manage Features * SCIM Service
For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal SCIM User Provisioning with AzureAD Identity Provider
Cloud Portal OIDC Federation with Okta Identity Provider
Business Problem
Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Okta's Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the OIDC (OpenID Connect) federation protocol.
Components
Requirements
- Access to an Infor Cloud Portal * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Okta Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the OIDC (OpenID Connect) protocol aligns seamlessly with Okta's Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the Okta identity provider's SCIM capabilities.
IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and Okta's Identity Provider.
Business Objective
- Enhanced Security : Strengthening authentication mechanisms through OIDC (OpenID Connect) Federation with Okta's Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging Okta's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities 2. Improved User Experience : Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management : The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.
Interested in setting up Single Sign-On (SSO) using OIDC (OpenID Connect) protocol with Okta within Infor Federation Services and seeking guidance on the process:
In this video, we'll walk you through the process of setting up OIDC (OpenID Connect) federation between the Infor Cloud Application and the Okta Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Applications and other federated applications using Okta's authentication.
https://www.youtube.com/watch?v=FABQqLFuK-I&list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL&index=6&pp=iAQB
You are now equipped to configure authentication and establish federation between the Cloud Portal and Okta's Identity provider (IdP).
Resources
Help documents on configuring theOkta OIDC Federation with Infor Cloud Portal.
- Prerequisites and basic parameters * Exporting the Infor CloudSuite Callback URL * Adding Infor CloudSuite to Okta * Adding Okta configuration to Infor CloudSuite * Enabling Okta as IDP in Infor CloudSuite * Testing
Other Federated Security Configurations
For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist. It offers extensive resources and valuable information on these subjects.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal OIDC Federation with Okta Identity Provider
Cloud Portal SCIM User Provisioning with Okta Identity Provider
Business Problem
Your organization is experiencing significant challenges in managing user identities and access permissions across the cloud applications. The manual processes currently in place are time-consuming, error-prone, and lacks the scalability needed to support your growing user base and expanding range of applications. To address these issues, you need to streamline and automate user provisioning and de-provisioning processes while ensuring robust security and compliance standards.
Components
Requirements
- Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Implementing SCIM (System for Cross-domain Identity Management) user provisioning in the Infor Cloud Portal with Okta as the identity provider will automate the provisioning and de-provisioning of user accounts. This ensures seamless integration, as well as efficient and secure management of user identities.
Business Objective
- Automation and Efficiency: * Reduce Manual Effort: Automate user account management processes to minimize manual intervention and associated errors. * Accelerate Onboarding and Offboarding: Speed up the onboarding process for new employees and ensure timely de-provisioning of user accounts for departing employees. 2. Improved Security and Compliance: * Enhanced Access Control: Ensure that user access is consistently aligned with organizational policies and role-based access controls. * Compliance and Auditability: Maintain comprehensive audit trails and compliance with industry regulations through automated provisioning and de-provisioning processes. 3. Scalability: * Support Organizational Growth: Provide a scalable identity management solution that can accommodate an increasing number of users and applications. * Centralized Management: Simplify user identity and access management by centralizing it through Okta. 4. User Experience: * Consistent User Data: Ensure that user information is consistent across all applications and systems. * Streamlined Processes: Improve overall user experience by reducing delays and errors in account provisioning.
This video provides instructions on how to configure Okta SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.
Familiarize yourself with the Infor Security Federation page and the Okta SCIM setup procedures.
https://www.youtube.com/watch?v=ubkGfjbEiPE
By following the instructions in the video, you should now be able to set up the SCIM connection between the Cloud Portal and Okta Identity provider (IdP).
Resources
Help documents on configuringOkta SCIM with Infor CloudSuite.
- Configuring provisioning for Infor CloudSuite * Features * Requirements * Step-by-step configuration instructions * Enabling the SCIM Service in Infor CloudSuite * Configuring the SCIM agent in Okta for Infor CloudSuite * Group provisioning to Infor CloudSuite * Migrating to the latest app version * Known issues and troubleshooting * SCIM Accounts * Adding a SCIM user identifier and password * Deleting a SCIM user identifier and password * SCIM Groups * Adding a security role to a SCIM group * Removing a security role from a SCIM group * Settings > General Settings * Manage Features * SCIM Service
For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal SCIM User Provisioning with Okta Identity Provider
Cloud Portal SCIM User Provisioning with OneLogin Identity Provider
Business Problem
Your organization is experiencing significant challenges in managing user identities and access permissions across the cloud applications. The manual processes currently in place are time-consuming, error-prone, and lack the scalability needed to support your growing user base and expanding range of applications. To address these issues, you need to streamline and automate user provisioning and de-provisioning processes while ensuring robust security and compliance standards.
Components
Requirements
- Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
Implementing SCIM (System for Cross-domain Identity Management) user provisioning in the Infor Cloud Portal with OneLogin as the identity provider will automate the provisioning and de-provisioning of user accounts. This ensures seamless integration, as well as efficient and secure management of user identities.
Business Objective
- Automation and Efficiency: * Reduce Manual Effort: Automate user account management processes to minimize manual intervention and associated errors. * Accelerate Onboarding and Offboarding: Speed up the onboarding process for new employees and ensure timely de-provisioning of user accounts for departing employees. 2. Improved Security and Compliance: * Enhanced Access Control: Ensure that user access is consistently aligned with organizational policies and role-based access controls. * Compliance and Auditability: Maintain comprehensive audit trails and compliance with industry regulations through automated provisioning and de-provisioning processes. 3. Scalability: * Support Organizational Growth: Provide a scalable identity management solution that can accommodate an increasing number of users and applications. * Centralized Management: Simplify user identity and access management by centralizing it through OneLogin. 4. User Experience: * Consistent User Data: Ensure that user information is consistent across all applications and systems. * Streamlined Processes: Improve overall user experience by reducing delays and errors in account provisioning.
This video provides instructions on how to configure OneLogin SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.
Familiarize yourself with the Infor Security Federation page and the OneLogin SCIM setup procedures.
https://www.youtube.com/watch?v=H2kuVRFLS08&list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL&index=4&t=7s
By following the instructions in the video, you should now be able to set up the SCIM connection between the Cloud Portal and OneLogin's Identity provider (IdP).
Resources
Help documents on configuringOneLogin SCIM with Infor CloudSuite.
- SCIM Accounts * Adding a SCIM user identifier and password * Deleting a SCIM user identifier and password * SCIM Groups * Adding a security role to a SCIM group * Removing a security role from a SCIM group * Settings > General Settings * Manage Features * SCIM Service
For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist. It offers extensive resources and valuable information on these subjects.
https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL
What made this section unhelpful for you?
On this page
- Cloud Portal SCIM User Provisioning with OneLogin Identity Provider
Multi-Factor Authentication Setup On Cloud Portal IFS
Business Problem
You want to increase and enhance the authentication security to users accessing the Infor Cloud by implementing multi-factor authentication (MFA). MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application.
Components
Requirements
- Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PORTAL-ContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium Estimated completion time: 30 Minutes
While the Infor Cloud uses MFA via the customer federated connection handled by the customer's identity provider, it is also possible to configure MFA directly on your tenant for internal accounts. We'll guide you through the steps to configure multi-factor authentication (MFA) for internal cloud identity accounts in Infor Cloud.
IFS User Management handles the Cloud Identity MFA configuration and setup. When Multi-Factor Authentication (MFA) is enabled and enforced, you will be prompted to register a device for MFA upon your first authentication with Infor Portal Identities. Depending on the configuration set by the Infor Portal administrator, you can authenticate using Time-based One-Time Password (TOTP), Duo, or both.
This video provides an overview of configuring Multi-Factor Authentication (MFA) in Infor OS using the Infor Federated Service identity management system.
Get acquainted with the Infor User Management General Settings page and the Multi-Factor Authentication Configuration.
https://youtu.be/R3CUZ-ABteA?si=-HDDxowTwxDi5RTS
You should now be able to configure Infor's MFA on the tenant to work with your Infor Cloud identities.
Best Practices
- MFA requirements for user authentication via the federated connection are to be handled by the customers identity provider configuration.
Multi Factor Authentication (MFA) through a Federated Connection
Authentication to Infor CloudSuite solutions is accomplished by establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider (e.g. ADFS, Ping, Okta, Azure). * Infor CloudSuite solutions do not require Multi-Factor Authentication (MFA), however customers may have this requirement. Infor does not support direct MFA configurations within the actual Infor CloudSuite through a federated connection. This means that the MFA is performed at the time of logging into the customer’s domain. Implementation of MFA requires the configuration to be within a customer’s Identity Provider so that MFA occurs on the customer side of the federation trust. MFA design and implementation is the customer’s responsibility. * The process for establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider remains the same whether MFA is implemented or not.
MFA can be enabled and enforced for Infor Cloud identity accounts which can be leveraged for users that do not have access within the customer IdP system.
Multi Factor Authentication (MFA) using Cloud Identity authentication
Resources
MFA Configuration Page
Help document on the Multi-Factor Authentication Configuration page.
The MFA Configuration page has these settings:
To enable MFA for cloud identity user accounts you need to login into the portal and go to the following
Home -> User Management -> Settings > General Settings
Setting| Description ---|--- Enable MFA| If selected, the MFA status of all users of the tenant becomes Enabled. At the time of login, the user is challenged for a Time-based One-time Password (TOTP) if the user has already registered a device for MFA. Emails to register MFA devices are automatically sent to all administrators. After MFA is enabled, users can register MFA devices from user settings. Enforce MFA| If selected, at the login page, after logging in with first- factor authentication (user name and password), the user is checked for MFA registration. If not registered, the user is required to register for MFA at this point. If already registered, the user is challenged for TOTP. After MFA is enforced, upon initial re-login, the user is prompted to register a device for MFA. Account Lock Settings| This setting specifies the number of allowed failed login attempts before the user's account is soft locked. For example, if the administrator sets this value to 3 , after three failed attempts, the user’s account is locked. Note: When the user's account is locked, an email is sent to notify the user that the account is locked. The administrator can specify the amount of time before the user's account is unlocked. This setting is Security Administration > Password Management. Authentication Method| The methods of authentication supported by Multi-Factor Authentication (MFA) are: - TOTP - Duo Note: To use Duo as an authentication method, a Duo customer account is required. - FIDO2 - SMS Note: Currently supported for U.S. only.If Enable MFA is selected, the Authentication Method is automatically selected as TOTP. IfEnable MFA is not selected, the Authentication Method is not selected and remains grayed out. #### AdditionalHelp documents on MFA setup and configuration
What made this section unhelpful for you?
On this page
- Multi-Factor Authentication Setup On Cloud Portal IFS
Best practices
What made this section unhelpful for you?
On this page
- Best practices