Customers using Lawson V10 and above are quite familiar with the LS as STS (Lawson Security as Security Token Service) authentication method. Lawson Security has been used only in Lawson applications, and it used to have challenges integrating with other cloud applications like SharePoint, Landmark, Infor Ming.le, GHR, Learning Management, etc. Moreover, many third-party cloud-hosted applications are not supported by LS as STS.
Active Directory Federation Services (ADFS) is a single sign-on solution developed by Microsoft®, and it is gaining faster adoption among enterprise customers that want to enable single sign-on authentication to multiple applications hosted across different cloud and on-prem environments.
Infor ADFS What You Need To Know
With LS as STS, users have to enter the user ID and password that are used to authenticate against the LS/STS server. This will change forever in ADFS, once the user is logged on to the application server
Infor is also using ADFS to authenticate all its other non-Lawson applications, and this has been the standard authentication method used across all its CloudSuite apps. Effective from 1-Mar-19, Infor stopped releasing any patches to LS as STS and issued an advisory to all its customers using LS as STS to migrate to ADFS.
Advantages in using ADFS
- Ability to use the same logins for both cloud and on-prem applications
- Supports multi-factor authentication methods
- Integration with cloud-based third-party Active Directories
- Claim-based authentication, which avoids sharing any user credentials across multiple applications
ADFS is the future of authentication for all Infor applications, and every Infor Lawson customer is expected to upgrade to ADFS for their authentication sooner rather than later. Any patches released after 1st March are going to have ADFS security-related components, and if the customer has not upgraded to ADFS, this is going to break security configurations. So, we strongly encourage all customers that are on Lawson Security STS to migrate to ADFS.
For customers that are looking to migrate to ADFS, below are our recommended steps for the migration.
After deciding to go for the ADFS upgrade, below are some of the activities that you will have to consider:
- Plan the Project Schedule to Complete this project
- Identify Dependencies on Other Third-Party Applications
- Identify the Right Infor Delivery Partners to Implement the Solution
- Availability of Hardware to Implement
Build ADFS Servers
Separate ADFS servers are required for every instance (e.g., TRN or PROD). Based on your application architecture, a new architecture is to be prepared by consultants explaining how authentication will happen with ADFS. Once the architecture design is approved, ADFS can be installed on the identified servers. In some cases there is also a need to upgrade the operating system (Windows). In those cases, the data copy and restore activities have to be monitored thoroughly and a resolution is to be submitted.
Once the ADFS servers are ready in the test environment, the application can be rolled out to a small set of key users for detailed testing of the authentication process. For operating system upgrades, detailed testing of data and processes is to be conducted.
Roll Out and Optimization
After successful testing and sign off from key users, ADFS authentication can be rolled out to everyone within the company.