Business Problem
Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Microsoft’s AzureAD Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the OIDC (OpenID Connect) federation protocol.
Requirements
- Access to an Infor Cloud Portal
- User privileges for Infor Federated Service (IFS) User Management with the following roles:
- Optional Infor U courses:
- Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium
Estimated completion time: 30 Minutes
Infor Cloud (specifically inforSTS or Infor Security Token Service) offers the possibility of federation with the Microsoft AzureAD Identity Provider. This integration allows access to corporate user accounts and facilitates Single Sign-On (SSO) functionality for accessing the Infor Cloud Portal and associated enterprise applications. Infor’s support for the OIDC (OpenID Connect) protocol aligns seamlessly with Microsoft’s AzureAD Identity Provider federations. Additionally, the Cloud portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, with compatibility ensured with the AzureAD identity provider’s SCIM capabilities.
IFS Federated Security and the Federation Hub handles the Cloud’s Federation between Cloud Portal and AzureAD’s Identity Provider.
Business Objective
- Enhanced Security: Strengthening authentication mechanisms through OIDC (OpenID Connect) Federation with AzureAD’s Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging AzureAD’s robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities
- Improved User Experience: Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement.
- Streamlined Access Management: The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.
Interested in setting up Single Sign-On (SSO) using OIDC (OpenID Connect) protocol with AzureAD within Infor Federation Services and seeking guidance on the process:
In this video, we’ll walk you through the process of setting up OIDC (OpenID Connect) federation between the Infor Cloud Application and the AzureAD Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Applications and other federated applications using AzureAD’s authentication.
You are now equipped to configure authentication and establish federation between the Cloud Portal and AzureAD’s Identity provider (IdP).
Resources
Help documents on configuring the AzureAD OIDC Federation with Infor Cloud Portal.
- Prerequisites and basic parameters
- Exporting the Infor CloudSuite Callback URL
- Adding Infor CloudSuite to Azure AD
- Adding Azure AD configuration to Infor CloudSuite
- Enabling Azure AD as IDP in Infor CloudSuite
- Testing
Other Federated Security Configurations
For more information on identity provider federations and user provisioning setups, be sure to explore the Security and User Management with Infor Federation Services playlist. It offers extensive resources and valuable information on these subjects.