Cloud SCIM User Provisioning with Okta Identity Provider
Business Problem
You want to create user accounts on your CloudSuite and use your corporate user accounts from Okta’s Identity Provider for authentication. You can automate user provisioning on the cloud using SCIM (System for Cross-domain Identity Management) from Okta’s Identity Provider, which supports SCIM.
Components
Requirements
- Access to an Infor CloudSuite
- User privileges for Infor Federated Service (IFS) User Management with the following roles:
- Optional Infor U courses:
- Infor OS: Identity and Access Management Fundamentals Workshop
Tutorial
The Infor Cloud (inforSTS or Infor Security Token Service) can leverage the SCIM (System for Cross-domain Identity Management) interface of Okta’s Identity Provider to automate provisioning, deprovisioning, and updating of user accounts. This gives access to corporate user accounts and enables Single Sign-On (SSO) when accessing the Infor Cloud Portal and enterprise applications.
Okta SCIM User Provisioning with Infor CloudSuite Portal
SCIM (System for Cross-domain Identity Management) Cloud Portal to Okta Identity Provider Configuration
This video provides instructions on how to configure Okta SCIM to automate provisioning, deprovisioning, updating, and maintenance of user accounts in the cloud portal.
Familiarize yourself with the Infor Security Federation page and the Okta SCIM setup procedures.
By following the instructions in the video, you should now be able to set up the SCIM connection between the CloudSuite portal and the Okta Identity Provider (IdP).
Best Practices
CloudSuite Portal to Okta’s Identity Provider SCIM setup through a Federated Connection
- Authentication to Infor CloudSuite solutions is accomplished by establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider (e.g. Okta).
- Supports SAML 2.0 or OpenID Connect.
- If using Okta’s OpenID Connect federation, the identity provider has to be externally accessible.
- If you have multiple authentication sources, you can have up to 5 identity providers federated to a single Infor CloudSuite tenant.
- Infor supports IdP- and SP-initiated SSO and SLO.
Important deployment considerations when federating CloudSuite to Okta Identity Provider.
- If SCIM is not initially available, user provisioning can be handled manually or by file import or by enabling JIT on the federated connections.
- Custom SCIM mappings may be required, based on the Okta application’s user attribute requirements.
- MFA requirements for users authenticating via the Okta federated connection will need to be configured on the Okta identity provider configuration.
- Infor cloud identity accounts can be leveraged for guest users that do not exist within the customer’s Okta system.
Resources
Okta SAML Federation Migration to Infor STS