Tutorials are designed to offer a guide to complete common objectives, while also acknowledging that individual developers need to respond to individual needs of their own solutions. Tutorial frameworks provide blueprints for these solutions and should be adapted to fit individual needs.

Analytics with Birst

API Gateway

Application Development with Mongoose

Artificial Intelligence

Data Fabric

Digitical Assistant

Document Management

Integration with ION

Robotic Process Automation

Add description here

Security & User Management

Add description here

API Gateway is a software system for brokering requests from API consumers, such as web and mobile applications, and API providers, such as Infor enterprise or third-party services. As a broker sits between consumers and providers (technically it is a reverse proxy), it can provide many benefits to both consumers and providers.

Go beyond basic fit and customize your cloud experience with extensibility tools that leverage no-code, low-code, and full-code frameworks.

Use Machine Learning to build an AI into your business processes.

Manage data on the platform so that humans and systems can securely access information from anywhere.

Streamline the user experience with a digital assistant that helps your employees navigate and access information by voice or chat.

Leverage Infor's central document repository to manage your enterprise document in the cloud.

Create a unified application topology using the integration hub in the Infor Platform.

RPA automates repetitive tasks and empowers your team to focus on what they do best.

Tutorials that help you leverage Infor's cloud security and user management capabilities.

Infor Cloud Identity & Access Management is where Infor User Management and access will be handled by IFS (Infor Federation Service) along with the Infor Federated Hub for the Authentication and Authorization of User Account Management. This component of the Infor Platform is utilized by those accessing the Infor Cloud from a browser based app, mobile app, or API.

An Overview of how Infor Federated Services (IFS) facilitates the management of users and permissions.

Key Concepts & Definitions

Component Parts

Single Sign On (SSO) Overview

User authentication process that authenticates the user for all the applications they have been given rights to and eliminates further password prompts.

Authentication and SSO details

• Infor OS in the cloud leverages Infor Security Token Service (InforSTS) as the identity provider used for authentication.
• Infor Federation Services (IFS) is the identity store, users requiring access to Infor OS Cloud must have a cloud identity account.
• InforSTS is a SAML 2.0 complaint identity provider.
• Infor applications existing in the Infor Multi Tenant cloud will be integrated with the Portal Federation Hub in order to achieve SSO. The Portal Federation Hub is the interface designed to allow authentication flows between applications and InforSTS. Once a user authenticates to the Infor Cloud portal they will have access to all other applications without being challenged for credentials due to the token supplied by the Portal Federation Hub to the user browser session.
• Infor Cloud is SP initiated SSO, user accesses the Infor Cloud portal and is redirected to the identity provider if authentication is required.

SSO Options

• Infor OS Cloud can be federated with other identity providers to allow for authentication and SSO from other sources, typically this would be done to grant customer accounts access to the Infor OS Cloud portal and eliminate the need to create and maintain cloud identity accounts for users.
• Federations can be created with any SAML 2.0 capable identity provider.
• Infor OS Cloud now supports Open ID Connect which relies on the OAuth 2.0 protocol for federations.
• Federating with identity providers provides flexibility for customers on the identity providers used and the identity stores used by those identity providers.
• ADFS SAML Federation with Infor CloudSuite
• Azure AD SAML Federation with Infor CloudSuite
• Azure AD OIDC Federation with Infor CloudSuite
• Google G-Suite SAML Federation with Infor CloudSuite
• Okta SAML Federation with Infor CloudSuite
• Okta OIDC Federation with Infor CloudSuite

Authorization and IFS Overview

• After authentication occurs access to the Infor OS portal requires authorization. This is handled by Infor Federation Services (IFS), this is Infor’s user management application.
• In order to be authorized a user must have an account within IFS.
• In order to access applications a user must have security roles assigned to their account. These security roles are defined by application and functions within the applications that exist within the Infor OS portal.
• Some applications rely solely on IFS for security purposes and some Cloudsuites have their own security in addition to IFS security roles. In order for a user to access these applications they would require the correct IFS security roles for the application and would need to have an account within the specific application in order to gain access and run features and functions.
• Access to the Infor OS portal requires authentication and authorization, both have equal importance when it comes to application security.

User Provisioning – Cloud

• Infor OS Cloud does not have the ability to bind to an Active Directory like the on-premise version.
• Users can be manually created within the IFS user management application. When a user is created, they will be sent an email asking them to verify their account and to create a password for that account.
• Other user provisioning options are manual import of user information from a CSV or XML file.
• SCIM can be used to publish or get user information between a SCIM capable application and Infor OS Cloud. Infor OS is SCIM 1.1 and 2.0 compliant. Infor OS Cloud has SCIM service only capability.
• If Infor OS Cloud is federated with another identity provider, then the requirement to have a user verify their account and create a password is not needed. The option to generate the verification email when users are added to IFS can be turned off.
• If Infor OS Cloud is federated with another identity provider, then there is an option to use Just In Time (JIT) to have user accounts created on demand.
• Users can also be provisioned to IFS via a Security User Master ( SUM ) BOD (Business Object document) generated from another application that has a user repository and supports BODs. Infor GHR is an example of a cloud application that generates a SUM BOD that IFS can consume for user provisioning purposes.

Authentication and Provisioning Flow

The Authentication and Provisioning flow diagram illustrates the configuration and flow of the Federation (Authentication) and User Provisioning (Authorization) to a Identity Provider using SCIM for user provisioning automation and maintenance.

SCIM User and Security Role Flow

The SCIM User and Security Role flow diagram illustrates how SCIM groups are used to assign security roles to IFS users using the Azure AD identity provider SCIM interface.

GHR CSV Integration Diagram

The GHR CSV Integration Diagram illustrates how user provisioning can be automated from the GHR application source of record to a customers corporate HR application system using a CSV file format.

GHR API Integration Diagram

The GHR API Integration Diagram illustrates how user provisioning can be automated from the GHR application source of record to a customers corporate HR application system using a API call.

Want to learn more?

Quick Reference

There is a lot to learn in the Infor Platform. A quick reference sheet is always helpful. Check out the IFS IAM User Management Cheat Sheet.

Topical videos

Need information on a specific feature, function, or a quick overview? Then short videos may be just what you are looking for. Check out our playlist on YouTube.

Written Guides

Product documentation is the go-to reference for how specific parts of the product work. For online, searchable, easy to understand docs see this component’s documentation:

• IFS User Management documentation.
• Security Roles specific to IFS User Management
• IFS Federated Security
• IFS User Management General Setting

Community

Collaborating with others in your industry is a great way to learn and help others. Start participating in this component’s online community today!

Courses

Infor U Campus offers learning tracks that combine video-based and instructor-led teaching. If you are an Infor customer, check out courses on Campus. We recommend the following courses specifically for this component:

• Infor OS Platform: Foundation for Multi-Tenant – Part 1
• Infor OS Platform: Foundation for Multi-Tenant – Part 2
• Infor OS Platform: Identity and Access management Fundamentals Workshop

Business Problem

Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Microsoft's AzureAD Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.

Components

• Security * Portal * Security & User Management Best Practices

Requirements

• Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the AzureAD Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the SAML 2.0 protocol aligns seamlessly with the AzureAD Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the AzureAD identity provider's SCIM capabilities.

IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and Micosoft's AzureAD Identity Provider.

Business Objective

1. Enhanced Security: Strengthening authentication mechanisms through SAML Federation with the AzureAD Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging AzureAD's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities. 2. Improved User Experience: Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management: The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.

Interested in setting up Single Sign-On (SSO) using SAML with AzureAD within Infor Federation Services and seeking guidance on the process:

In this video, we'll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the AzureAD Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using AzureAD's authentication.

https://youtu.be/3GEwMStAkeM?si=T1H_bglhixBPDq9G

You are now equipped to configure authentication and establish federation between the Cloud Portal and Microsoft's AzureAD Identity provider (IdP).

Resources

Cloud Portal to AzureAD Identity Provider setup through a Federated Connection:

Help Documents on configuring the Azure AD SAML Federation with Infor CloudSuite

• Prerequisites and basic parameters * Downloading the Infor CloudSuite Metadata * Adding Infor CloudSuite to Azure AD * Adding Azure AD configuration to Infor CloudSuite * Azure AD user and group provisioning to Infor CloudSuite * Enabling Azure AD as IDP in Infor CloudSuite * Testing

Azure AD OIDC Federation with Infor CloudSuite

Help Documents on configuring the Azure AD OIDC Federation with Infor CloudSuite

• Prerequisites and basic parameters * Exporting the Infor CloudSuite Callback URL * Adding Infor CloudSuite to Azure AD * Adding Azure AD configuration to Infor CloudSuite * Enabling Azure AD as IDP in Infor CloudSuite * Testing

Other Federated Security Configurations

• SAML 2.0 * OpenID Connect * WS-Trust * Azure AD Active Mode * Applications that require electronic signatures call the Infor Cloud Federation Hub WS-Trust interface with the user supplied username and password. When Azure AD Active Mode is enabled, the Federation Hub validates the username and password against the REST API interface of Azure AD.

For additional Identity provider federations and User Provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Microsoft's ADFS Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.

Components

• Security * Portal * Security & User Management Best Practices

Requirements

• Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Microsoft ADFS Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the SAML 2.0 protocol aligns seamlessly with ADFS Identity Provider federations. ADFS does not have the capability of supporting the SCIM (System for Cross-domain Identity Management) interface for user provisioning.

IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and the ADFS Identity Provider.

Business Objective

1. Enhanced Security: Strengthening authentication mechanisms through SAML Federation with ADFS Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging ADFS's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities 2. Improved User Experience: Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management: The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.

Interested in setting up Single Sign-On (SSO) using SAML with ADFS within Infor Federation Services and seeking guidance on the process:

In this video, we'll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the ADFS Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using ADFS authentication.

https://www.youtube.com/watch?v=u64Cl29V82U

You are now equipped to configure authentication and establish federation between the Cloud Portal and the Microsoft ADFS Identity provider (IdP).

Resources

Help documents on configuring theADFS SAML Federation with Infor CloudSuite.

• Prerequisites and basic parameters * Adding ADFS configuration to Infor CloudSuite * Adding Infor CloudSuite to ADFS * Infor OS user provisioning to Infor CloudSuite * Enabling ADFS as IDP in Infor CloudSuite * Testing

Additional Federated Security Configurations:

• SAML 2.0 * WS-Trust

For additional Identity provider federations and User Provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Google's Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.

Components

• Security * Portal * Security & User Management Best Practices

Requirements

• Access to an Infor Cloud Portal * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * Portal-ContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Google Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the SAML 2.0 protocol aligns seamlessly with Google Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the Google identity provider's SCIM capabilities.

IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and Google Identity Provider.

Business Objectives

1. Enhanced Security : Strengthening authentication mechanisms through SAML Federation with Google Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging Google's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities 2. Improved User Experience : Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management : The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.

Interested in setting up Single Sign-On (SSO) using SAML with Google within Infor Federation Services and seeking guidance on the process:

In this video, we'll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the Google Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using Google authentication.

https://www.youtube.com/watch?v=ETgjcFvVNcs&list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL&index=2

You are now equipped to configure authentication and establish federation between the Cloud Portal and Google's Identity provider (IdP).

Resources

Help Documents on configuring theGoogle SAML Federation with Infor Cloud Portal

• Prerequisites and basic parameters * Exporting Infor CloudSuite Metadata * Adding Infor CloudSuite to Google G-Suite * Adding Google G-Suite configuration to Infor CloudSuite * Google G-Suite user provisioning to Infor CloudSuite * Enabling Google G-Suite as IDP in Infor CloudSuite * Testing

Other Federated Security Configurations

• SAML 2.0

To explore additional Identity provider federations and SCIM user provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

Your organization is experiencing significant challenges in managing user identities and access permissions across the cloud applications. The manual processes currently in place are time-consuming, error-prone, and lack the scalability needed to support your growing user base and expanding range of applications. To address these issues, you need to streamline and automate user provisioning and de-provisioning processes while ensuring robust security and compliance standards.

Components

• Security * Portal * Security & User Management Best Practices

Requirements

• Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Implementing SCIM (System for Cross-domain Identity Management) user provisioning in the Infor Cloud Portal with Azure Active Directory (AzureAD) as the identity provider will automate the provisioning and de-provisioning of user accounts. This ensures seamless integration, as well as efficient and secure management of user identities.

Business Objective

1. Automation and Efficiency: * Reduce Manual Effort: Automate user account management processes to minimize manual intervention and associated errors. * Accelerate Onboarding and Offboarding: Speed up the onboarding process for new employees and ensure timely de-provisioning of user accounts for departing employees. 2. Improved Security and Compliance: * Enhanced Access Control: Ensure that user access is consistently aligned with organizational policies and role-based access controls. * Compliance and Auditability: Maintain comprehensive audit trails and compliance with industry regulations through automated provisioning and de-provisioning processes. 3. Scalability: * Support Organizational Growth: Provide a scalable identity management solution that can accommodate an increasing number of users and applications. * Centralized Management: Simplify user identity and access management by centralizing it through AzureAD. 4. User Experience: * Consistent User Data: Ensure that user information is consistent across all applications and systems. * Streamlined Processes: Improve overall user experience by reducing delays and errors in account provisioning.

This video provides instructions on how to configure AzureAD SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.

Familiarize yourself with the Infor Security Federation page and the Microsoft Azure SCIM setup procedures.

https://www.youtube.com/watch?v=loJJVJ0DaQw

By following the instructions in the video, you should now be able to set up the SCIM connection between the Cloud Portal and Microsoft's AzureAD Identity provider (IdP).

Resources

Help documents on configuringAzure AD SCIM with Infor CloudSuite.

• SCIM Accounts * Adding a SCIM user identifier and password * Deleting a SCIM user identifier and password * SCIM Groups * Adding a security role to a SCIM group * Removing a security role from a SCIM group * Settings > General Settings * Manage Features * SCIM Service

For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Okta's Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the OIDC (OpenID Connect) federation protocol.

Components

• Security * Portal * Security & User Management Best Practices * IFS IAM Cheat Sheet

Requirements

• Access to an Infor Cloud Portal * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Okta Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor's support for the OIDC (OpenID Connect) protocol aligns seamlessly with Okta's Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the Okta identity provider's SCIM capabilities.

IFS Federated Security and the Federation Hub handles the Cloud's Federation between Cloud Portal and Okta's Identity Provider.

Business Objective

1. Enhanced Security : Strengthening authentication mechanisms through OIDC (OpenID Connect) Federation with Okta's Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging Okta's robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities 2. Improved User Experience : Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement. 3. Streamlined Access Management : The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.

Interested in setting up Single Sign-On (SSO) using OIDC (OpenID Connect) protocol with Okta within Infor Federation Services and seeking guidance on the process:

In this video, we'll walk you through the process of setting up OIDC (OpenID Connect) federation between the Infor Cloud Application and the Okta Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Applications and other federated applications using Okta's authentication.

https://www.youtube.com/watch?v=FABQqLFuK-I&list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL&index=6&pp=iAQB

You are now equipped to configure authentication and establish federation between the Cloud Portal and Okta's Identity provider (IdP).

Resources

Help documents on configuring theOkta OIDC Federation with Infor Cloud Portal.

• Prerequisites and basic parameters * Exporting the Infor CloudSuite Callback URL * Adding Infor CloudSuite to Okta * Adding Okta configuration to Infor CloudSuite * Enabling Okta as IDP in Infor CloudSuite * Testing

Other Federated Security Configurations

• SAML 2.0 * OpenID Connect * Okta Active Mode in Infor OS Portal CE * API responses

For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist. It offers extensive resources and valuable information on these subjects.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

Your organization is experiencing significant challenges in managing user identities and access permissions across the cloud applications. The manual processes currently in place are time-consuming, error-prone, and lacks the scalability needed to support your growing user base and expanding range of applications. To address these issues, you need to streamline and automate user provisioning and de-provisioning processes while ensuring robust security and compliance standards.

Components

• Security * Portal * Security & User Management Best Practices

Requirements

• Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Implementing SCIM (System for Cross-domain Identity Management) user provisioning in the Infor Cloud Portal with Okta as the identity provider will automate the provisioning and de-provisioning of user accounts. This ensures seamless integration, as well as efficient and secure management of user identities.

Business Objective

1. Automation and Efficiency: * Reduce Manual Effort: Automate user account management processes to minimize manual intervention and associated errors. * Accelerate Onboarding and Offboarding: Speed up the onboarding process for new employees and ensure timely de-provisioning of user accounts for departing employees. 2. Improved Security and Compliance: * Enhanced Access Control: Ensure that user access is consistently aligned with organizational policies and role-based access controls. * Compliance and Auditability: Maintain comprehensive audit trails and compliance with industry regulations through automated provisioning and de-provisioning processes. 3. Scalability: * Support Organizational Growth: Provide a scalable identity management solution that can accommodate an increasing number of users and applications. * Centralized Management: Simplify user identity and access management by centralizing it through Okta. 4. User Experience: * Consistent User Data: Ensure that user information is consistent across all applications and systems. * Streamlined Processes: Improve overall user experience by reducing delays and errors in account provisioning.

This video provides instructions on how to configure Okta SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.

Familiarize yourself with the Infor Security Federation page and the Okta SCIM setup procedures.

https://www.youtube.com/watch?v=ubkGfjbEiPE

By following the instructions in the video, you should now be able to set up the SCIM connection between the Cloud Portal and Okta Identity provider (IdP).

Resources

Help documents on configuringOkta SCIM with Infor CloudSuite.

• Configuring provisioning for Infor CloudSuite * Features * Requirements * Step-by-step configuration instructions * Enabling the SCIM Service in Infor CloudSuite * Configuring the SCIM agent in Okta for Infor CloudSuite * Group provisioning to Infor CloudSuite * Migrating to the latest app version * Known issues and troubleshooting * SCIM Accounts * Adding a SCIM user identifier and password * Deleting a SCIM user identifier and password * SCIM Groups * Adding a security role to a SCIM group * Removing a security role from a SCIM group * Settings > General Settings * Manage Features * SCIM Service

For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

Your organization is experiencing significant challenges in managing user identities and access permissions across the cloud applications. The manual processes currently in place are time-consuming, error-prone, and lack the scalability needed to support your growing user base and expanding range of applications. To address these issues, you need to streamline and automate user provisioning and de-provisioning processes while ensuring robust security and compliance standards.

Components

• Security * Portal * Security & User Management Best Practices * IFS IAM Cheat Sheet

Requirements

• Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PortalContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

Implementing SCIM (System for Cross-domain Identity Management) user provisioning in the Infor Cloud Portal with OneLogin as the identity provider will automate the provisioning and de-provisioning of user accounts. This ensures seamless integration, as well as efficient and secure management of user identities.

Business Objective

1. Automation and Efficiency: * Reduce Manual Effort: Automate user account management processes to minimize manual intervention and associated errors. * Accelerate Onboarding and Offboarding: Speed up the onboarding process for new employees and ensure timely de-provisioning of user accounts for departing employees. 2. Improved Security and Compliance: * Enhanced Access Control: Ensure that user access is consistently aligned with organizational policies and role-based access controls. * Compliance and Auditability: Maintain comprehensive audit trails and compliance with industry regulations through automated provisioning and de-provisioning processes. 3. Scalability: * Support Organizational Growth: Provide a scalable identity management solution that can accommodate an increasing number of users and applications. * Centralized Management: Simplify user identity and access management by centralizing it through OneLogin. 4. User Experience: * Consistent User Data: Ensure that user information is consistent across all applications and systems. * Streamlined Processes: Improve overall user experience by reducing delays and errors in account provisioning.

This video provides instructions on how to configure OneLogin SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.

Familiarize yourself with the Infor Security Federation page and the OneLogin SCIM setup procedures.

https://www.youtube.com/watch?v=H2kuVRFLS08&list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL&index=4&t=7s

By following the instructions in the video, you should now be able to set up the SCIM connection between the Cloud Portal and OneLogin's Identity provider (IdP).

Resources

Help documents on configuringOneLogin SCIM with Infor CloudSuite.

• SCIM Accounts * Adding a SCIM user identifier and password * Deleting a SCIM user identifier and password * SCIM Groups * Adding a security role to a SCIM group * Removing a security role from a SCIM group * Settings > General Settings * Manage Features * SCIM Service

For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist. It offers extensive resources and valuable information on these subjects.

https://www.youtube.com/playlist?list=PLbzqMzjlWI2bo5WJ81JlYk6SyjNeWeJFL

Business Problem

You want to increase and enhance the authentication security to users accessing the Infor Cloud by implementing multi-factor authentication (MFA). MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application.

Components

• Security * Portal

Requirements

• Access to an Infor CloudSuite * User privileges for Infor Federated Service (IFS) User Management with the following roles: * IFSApplicationAdmin * Infor-SystemAdministrator * PORTAL-ContentAdministrator * UserAdmin * Optional Infor U courses: * Infor OS: Identity and Access Management Fundamentals Workshop

Tutorial

Difficulty: Medium Estimated completion time: 30 Minutes

While the Infor Cloud uses MFA via the customer federated connection handled by the customer's identity provider, it is also possible to configure MFA directly on your tenant for internal accounts. We'll guide you through the steps to configure multi-factor authentication (MFA) for internal cloud identity accounts in Infor Cloud.

IFS User Management handles the Cloud Identity MFA configuration and setup. When Multi-Factor Authentication (MFA) is enabled and enforced, you will be prompted to register a device for MFA upon your first authentication with Infor Portal Identities. Depending on the configuration set by the Infor Portal administrator, you can authenticate using Time-based One-Time Password (TOTP), Duo, or both.

This video provides an overview of configuring Multi-Factor Authentication (MFA) in Infor OS using the Infor Federated Service identity management system.

Get acquainted with the Infor User Management General Settings page and the Multi-Factor Authentication Configuration.

https://youtu.be/R3CUZ-ABteA?si=-HDDxowTwxDi5RTS

You should now be able to configure Infor's MFA on the tenant to work with your Infor Cloud identities.

Best Practices

• MFA requirements for user authentication via the federated connection are to be handled by the customers identity provider configuration.

Multi Factor Authentication (MFA) through a Federated Connection

• Authentication to Infor CloudSuite solutions is accomplished by establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider (e.g. ADFS, Ping, Okta, Azure). * Infor CloudSuite solutions do not require Multi-Factor Authentication (MFA), however customers may have this requirement. Infor does not support direct MFA configurations within the actual Infor CloudSuite through a federated connection. This means that the MFA is performed at the time of logging into the customer’s domain. Implementation of MFA requires the configuration to be within a customer’s Identity Provider so that MFA occurs on the customer side of the federation trust. MFA design and implementation is the customer’s responsibility. * The process for establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider remains the same whether MFA is implemented or not.

• MFA can be enabled and enforced for Infor Cloud identity accounts which can be leveraged for users that do not have access within the customer IdP system.

Multi Factor Authentication (MFA) using Cloud Identity authentication

Resources

MFA Configuration Page

Help document on the Multi-Factor Authentication Configuration page.

The MFA Configuration page has these settings:

To enable MFA for cloud identity user accounts you need to login into the portal and go to the following

Home -> User Management -> Settings > General Settings

Setting| Description ---|--- Enable MFA| If selected, the MFA status of all users of the tenant becomes Enabled. At the time of login, the user is challenged for a Time-based One-time Password (TOTP) if the user has already registered a device for MFA. Emails to register MFA devices are automatically sent to all administrators. After MFA is enabled, users can register MFA devices from user settings. Enforce MFA| If selected, at the login page, after logging in with first- factor authentication (user name and password), the user is checked for MFA registration. If not registered, the user is required to register for MFA at this point. If already registered, the user is challenged for TOTP. After MFA is enforced, upon initial re-login, the user is prompted to register a device for MFA. Account Lock Settings| This setting specifies the number of allowed failed login attempts before the user's account is soft locked. For example, if the administrator sets this value to 3 , after three failed attempts, the user’s account is locked. Note: When the user's account is locked, an email is sent to notify the user that the account is locked. The administrator can specify the amount of time before the user's account is unlocked. This setting is Security Administration > Password Management. Authentication Method| The methods of authentication supported by Multi-Factor Authentication (MFA) are: - TOTP - Duo Note: To use Duo as an authentication method, a Duo customer account is required. - FIDO2 - SMS Note: Currently supported for U.S. only.If Enable MFA is selected, the Authentication Method is automatically selected as TOTP. IfEnable MFA is not selected, the Authentication Method is not selected and remains grayed out. #### AdditionalHelp documents on MFA setup and configuration

• MFA login and device registration * TOTP authentication * Duo authentication * Home Realm Discovery

• Editing MFA settings * Supported TOTP methods * Adding a device with TOTP * Adding a device with Duo * Managing devices * Setting a device as a default