Multi-Factor Authentication Setup On Cloud Portal IFS

Intermediate | 30 Minutes

Security Portal

Overview

You want to strengthen authentication security for users accessing the Infor Cloud by implementing multi-factor authentication (MFA). MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application.

📋 Requirements

User privileges for Infor Federated Service (IFS) User Management with the following roles:

Tutorial

While the Infor Cloud uses MFA via the customer federated connection handled by the customer's identity provider, it is also possible to configure MFA directly on your tenant for internal accounts. We'll guide you through the steps to configure multi-factor authentication (MFA) for internal cloud identity accounts in Infor Cloud.

IFS User Management handles the Cloud Identity MFA configuration and setup. When Multi-Factor Authentication (MFA) is enabled and enforced, you will be prompted to register a device for MFA upon your first authentication with Infor Portal Identities. Depending on the configuration set by the Infor Portal administrator, you can authenticate using Time-based One-Time Password (TOTP), Duo, or both.

This video provides an overview of configuring Multi-Factor Authentication (MFA) in Infor OS using the Infor Federated Service identity management system.

Get acquainted with the Infor User Management General Settings page and the Multi-Factor Authentication Configuration.

You should now be able to configure Infor's MFA on the tenant to work with your Infor Cloud identities.

Best Practices

  • MFA requirements for user authentication via the federated connection are to be handled by the customer's identity provider configuration.

Multi-Factor Authentication (MFA) through a Federated Connection

  • Authentication to Infor CloudSuite solutions is achieved by establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider (e.g., ADFS, Ping, Okta, Azure).
  • Multi-Factor Authentication (MFA):
      • Infor CloudSuite does not require MFA, but customers may choose to implement it based on their security requirements.
      • Infor does not support direct MFA configurations within Infor CloudSuite through a federated connection.
      • MFA is performed at the time of logging into the customer’s domain and must be configured within the customer’s Identity Provider.
      • The design and implementation of MFA are the customer’s responsibility.
      • The federation trust setup process between Infor CloudSuite and a customer’s Identity Provider remains the same regardless of whether MFA is implemented.

  • MFA can be enabled and enforced for Infor Cloud identity accounts, which can be used for users who do not have access within the customer's IdP system.

Multi-Factor Authentication (MFA) using Cloud Identity authentication

Resources

MFA Configuration Page

Help document on the Multi-Factor Authentication Configuration page.

The MFA Configuration page has these settings:

To enable MFA for cloud identity user accounts, log in to the portal and go to:

Home > User Management > Settings > General Settings

Multi-Factor Authentication (MFA) Settings

| Settings | Description |
| --- | --- |
| Enable MFA | If selected, the MFA status of all users in the tenant is set to Enabled. At login, users are challenged for a Time-based One-Time Password (TOTP) if they have already registered an MFA device. Emails for MFA device registration are automatically sent to all administrators. Once enabled, users can register MFA devices from user settings. |
| Enforce MFA | If selected, after logging in with the first-factor authentication (username and password), the system checks whether the user has registered for MFA. If not registered, the user is required to register at that point. If already registered, the user is challenged for TOTP. Upon initial re-login, users are prompted to register a device for MFA. |
| Account Lock Settings | Specifies the number of allowed failed login attempts before a user’s account is soft locked. Example: If the administrator sets this value to 3, after three failed attempts, the user’s account is locked. Note: When an account is locked, an email notification is sent to the user. The administrator can define the unlock time under Security Administration > Password Management. |
| Authentication Method | Supported MFA authentication methods include: TOTP; Duo (requires a Duo customer account); FIDO2; SMS (currently supported for U.S. only). Note: If Enable MFA is selected, the Authentication Method defaults to TOTP. If Enable MFA is not selected, the Authentication Method remains disabled (grayed out). |
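
The difference between Enable MFA and Enforce MFA described in the settings above, modelled as an added Python example (not Infor code). The class, function and step names are hypothetical; it assumes that Enforce MFA only applies when Enable MFA is selected and that, with Enable MFA alone, a user without a registered device completes login with the password only.

```python
from dataclasses import dataclass

@dataclass
class TenantSettings:            # hypothetical names mirroring the table rows
    enable_mfa: bool
    enforce_mfa: bool
    lock_threshold: int          # value from "Account Lock Settings"

@dataclass
class User:
    name: str
    mfa_registered: bool = False
    failed_attempts: int = 0

def is_locked(settings, user):
    """Soft lock once failed logins reach the threshold (timed unlock not modelled)."""
    return user.failed_attempts >= settings.lock_threshold

def after_password(settings, user, password_ok):
    """Next step after the first factor (username and password)."""
    if is_locked(settings, user):
        return "LOCKED"
    if not password_ok:
        user.failed_attempts += 1
        return "LOCKED" if is_locked(settings, user) else "RETRY"
    if settings.enable_mfa and settings.enforce_mfa:   # assumption: Enforce needs Enable
        return "CHALLENGE_MFA" if user.mfa_registered else "REGISTER_DEVICE"
    if settings.enable_mfa and user.mfa_registered:
        return "CHALLENGE_MFA"
    return "SIGNED_IN_PASSWORD_ONLY"   # assumption: no second factor is asked for

def password_only_accounts(settings, users):
    """Names of accounts that would finish login without a second factor."""
    return [u.name for u in users
            if after_password(settings, User(u.name, u.mfa_registered), True)
            == "SIGNED_IN_PASSWORD_ONLY"]

# Constructed sample tenant, not real accounts.
SAMPLE_USERS = [User("alice", mfa_registered=True), User("bob"), User("carol")]
ENABLED_ONLY = TenantSettings(True, False, 3)
ENFORCED = TenantSettings(True, True, 3)

if __name__ == "__main__":
    print("enabled only:", password_only_accounts(ENABLED_ONLY, SAMPLE_USERS))
    print("enforced:    ", password_only_accounts(ENFORCED, SAMPLE_USERS))
```

Under this model, Enable MFA on its own leaves every account without a registered device on single-factor login, which is the gap Enforce MFA closes.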

Additional Help

Refer to the MFA setup and configuration documents for further details.
