Cloud Portal SAML Federation with AzureAD Identity Provider
Business Problem
Your organization requires a seamless and secure access management solution for users accessing the Cloud Portal. The goal is to enable users to utilize their corporate user account credentials for authentication into the Cloud Portal while facilitating account management and setup processes. To achieve this, integration with Microsoft’s AzureAD Identity Provider is sought to implement Single Sign-On (SSO) and manage corporate user accounts using the SAML federation protocol.
Requirements
- Access to an Infor CloudSuite
- User privileges for Infor Federated Service (IFS) User Management with the following roles:
- Optional Infor U courses:
  - Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
Difficulty: Medium
Estimated completion time: 30 Minutes
Infor Cloud (specifically inforSTS, the Infor Security Token Service) can federate with the AzureAD Identity Provider. This integration allows access to corporate user accounts and provides Single Sign-On (SSO) for the Infor Cloud Portal and associated enterprise applications. Infor supports the SAML 2.0 protocol, which is the protocol used for federation with the AzureAD Identity Provider. Additionally, the Cloud Portal streamlines user provisioning through the SCIM (System for Cross-domain Identity Management) interface, which is compatible with the AzureAD Identity Provider's SCIM capabilities.
IFS Federated Security and the Federation Hub handle the federation between the Cloud Portal and Microsoft's AzureAD Identity Provider.
Business Objective
- Enhanced Security: Strengthening authentication mechanisms through SAML Federation with the AzureAD Identity Provider bolsters security measures, mitigating risks associated with unauthorized access, data breaches, and cyber threats. By centralizing authentication processes and leveraging AzureAD’s robust security features, the organization can safeguard sensitive data and protect against potential vulnerabilities.
- Improved User Experience: Simplifying authentication processes and providing a seamless login experience contributes to enhanced user satisfaction. By eliminating the need for multiple sets of credentials and reducing authentication barriers, users can navigate the Cloud Portal and associated applications more efficiently, leading to increased user adoption and engagement.
- Streamlined Access Management: The integration facilitates Single Sign-On (SSO) capabilities, enabling users to access the Cloud Portal and enterprise applications seamlessly using their corporate credentials. This streamlines access management processes, reduces password fatigue, and enhances user experience, ultimately boosting productivity and operational efficiency.
For guidance on setting up Single Sign-On (SSO) using SAML with AzureAD within Infor Federation Services:
In this video, we’ll walk you through the process of setting up SAML (Security Assertion Markup Language) federation between the Infor Cloud Application and the AzureAD Identity provider. Once the configuration is complete, users will have the capability to log in to the Infor Cloud Application and other federated applications using AzureAD’s authentication.
You are now equipped to configure authentication and establish federation between the Cloud Portal and Microsoft’s AzureAD Identity provider (IdP).
Resources
Cloud Portal to AzureAD Identity Provider setup through a Federated Connection:
Help Documents on configuring the Azure AD SAML Federation with Infor CloudSuite
- Prerequisites and basic parameters
- Downloading the Infor CloudSuite Metadata
- Adding Infor CloudSuite to Azure AD
- Adding Azure AD configuration to Infor CloudSuite
- Azure AD user and group provisioning to Infor CloudSuite
- Enabling Azure AD as IDP in Infor CloudSuite
- Testing
Azure AD OIDC Federation with Infor CloudSuite
Help Documents on configuring the Azure AD OIDC Federation with Infor CloudSuite
- Prerequisites and basic parameters
- Exporting the Infor CloudSuite Callback URL
- Adding Infor CloudSuite to Azure AD
- Adding Azure AD configuration to Infor CloudSuite
- Enabling Azure AD as IDP in Infor CloudSuite
- Testing
Other Federated Security Configurations
- SAML 2.0
- OpenID Connect
- WS-Trust
- Azure AD Active Mode
  - Applications that require electronic signatures call the Infor Cloud Federation Hub WS-Trust interface with the user-supplied username and password. When Azure AD Active Mode is enabled, the Federation Hub validates the username and password against the REST API interface of Azure AD.
For additional Identity provider federations and User Provisioning setups, feel free to explore the Security and User Management with Infor Federation Services playlist.