
Cloud SAML Federation with ADFS Identity Provider

Business Problem

You need to handle user login to the CloudSuite Portal and want to use your corporate user account credentials to authenticate to CloudSuite and to assist with account management and setup. You want to integrate with the ADFS Identity Provider to achieve Single Sign On and corporate user management.


Components

Requirements


Tutorial

The Infor Cloud (inforSTS or Infor Security Token Service) can be federated with the ADFS Identity Provider to give access to corporate user accounts and enable Single Sign On (SSO) capabilities when accessing the Infor Cloud Portal and enterprise applications. Infor supports SAML 2.0 ADFS Identity Provider federations.

IFS Federated Security and the Federation Hub handle the Cloud's federation between the Cloud Portal and the ADFS Identity Provider.

Business Objective

Business Objective: Streamlining Authentication and Access Control through ADFS Integration

Description: The primary business objective is to enhance the security, efficiency, and user experience of our digital services by integrating with Active Directory Federation Services (ADFS) as an identity provider. This integration aims to centralize and simplify authentication and access control processes, benefiting both our internal employees and external partners or customers who interact with our systems.

Key Goals and Benefits:

  1. Enhanced Security: By integrating with ADFS, we leverage its robust authentication mechanisms, including multi-factor authentication (MFA) and single sign-on (SSO). This strengthens the overall security posture, reducing the risk of unauthorized access and data breaches.
  2. Seamless User Experience: ADFS integration enables a seamless and consistent login experience across various applications and platforms. Users only need to log in once to gain access to multiple services, improving convenience and reducing password fatigue.
  3. Efficient User Management: ADFS integration allows you to manage user identities and access permissions centrally. This leads to more efficient user provisioning, deprovisioning, and role management, streamlining administrative tasks and minimizing errors.

This video provides instructions on setting up the SAML federation between the Infor CloudSuite portal and ADFS:

Familiarize yourself with the Infor Security Federation page and the ADFS Federation setup procedures.

Video Here

You should now be able to perform the authentication setup and federation between the CloudSuite portal and the ADFS Identity provider (IdP).

Best Practices

CloudSuite to the ADFS Identity Provider setup through a SAML Federated Connection

  • Authentication to Infor CloudSuite solutions is accomplished by establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider (e.g. ADFS). 
  • Supports SAML 2.0 connections.
  • If you have multiple authentication sources, you can have up to 5 identity providers federated to a single Infor CloudSuite tenant.
  • Infor supports IdP- and SP-initiated SSO and SLO.
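
A check to run on the identity provider's side before establishing the trust, given as an added example that is not Infor's or Microsoft's code: it parses a saved copy of the IdP's SAML metadata and confirms that it declares SAML 2.0 support, publishes a signing key, and exposes HTTPS SSO and SLO endpoints. The metadata below is constructed, and the host name `adfs.example.test` and the function name `check_idp_metadata` are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: a trimmed SAML IdP metadata document.
# Host name and certificate value are placeholders; only parse metadata from your own IdP.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor: not usable as a SAML identity provider"]
    findings = []
    if SAML2_PROTOCOL not in idp.get("protocolSupportEnumeration", "").split():
        findings.append("IdP role does not declare SAML 2.0 protocol support")
    # A KeyDescriptor without a 'use' attribute applies to signing and encryption.
    keys = idp.findall("md:KeyDescriptor", NS)
    if not any(kd.get("use", "signing") == "signing" for kd in keys):
        findings.append("no signing key published")
    for tag, label in (("SingleSignOnService", "SSO"), ("SingleLogoutService", "SLO")):
        endpoints = idp.findall(f"md:{tag}", NS)
        if not endpoints:
            findings.append(f"no {label} endpoint")
        for ep in endpoints:
            if not ep.get("Location", "").lower().startswith("https://"):
                findings.append(f"{label} endpoint not HTTPS: {ep.get('Location')}")
    return findings


if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA) or "metadata checks passed")
```
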

Important deployment considerations when federating CloudSuite to the ADFS Identity Provider:

  • MFA requirements for users authenticating via the ADFS federated connection must be configured in the ADFS identity provider configuration.
  • Infor cloud identity accounts can be leveraged for guest or Admin users that do not exist within the customer's ADFS IdP system.

Resources

Here are a few documents on configuring the ADFS SAML Federation with Infor CloudSuite.

The Federated Security Configuration page has these settings: