LS as STS switch to AD FS - Required by Infor
According to Infor Support (Infor Xtreme), Effective March 1st, 2019, Infor plans to stop providing discrepancy corrections and updates for the Lawson Security as Security Token Services (LS as STS) authentication mechanism for providing single sign-on (SSO) services to the Infor Lawson version 10 solution.
Here at ClearSky, we have assisted multiple clients in making the switch. In doing so, we have compiled a list of FAQs that you might find worth checking out:
AD FS FAQs:
- Will we need to operate on any of our authorization roles?
- No, ADFS does not affect the authorizations of the applications, authorizations will remain the same. Roles are for authorization, not authentication. ADFS affects authentication.
- Will this impact our set up across other Infor Applications?
- Actually, LS as STS is only utilized for Infor Lawson products. AD FS will serve as your access point across all Infor Applications.
- Aren’t we fine if we are on v10.0.9 or lower? Do we need to switch?
- No, although LS as STS can be utilized, no update will be supporting this after March 1st, 2019. Security components within updates will not work with LS as STS, leaving you vulnerable and without support.
- What will the ADFS log in process look like?
- See the below visual for a brief explanation of the process.
- How long does this process typically take for ClearSky?
- Process time can vary, ClearSky has typically been able to switch one environment in under 40 hours, then mimic each additional environment at a much quicker pace. Contact us to perform an evaluation and estimate on your current environments for a more accurate quote.
- What ADFS versions are supported?
- ADFS 3.0 is certified to work for Ming.le version 11.0; Ming.le 12.0 (Infor OS) supports ADFS 4.0.
- Why do we need ADFS if we already have an existing AD?
- ADFS (Active Directory Federation Services) is different from AD (Active Directory). ADFS will still need to access your AD for authentication.
- How many ADFS servers do we need to provision? What are the hardware requirements?
- You will need to provision one ADFS server for each environment you have (e.g. if you have Test Environment and Production Environment, you will need to provision two ADFS servers). Required hardware/server specification is minimal, and is highly dependent on the number of users in your organization.
- What are the advantages of moving from LS STS to ADFS?
- Fix for the timeout issues inherent in LS STS. There are cases where the timeout is not synchronized across all applications even when explicitly set, thus resulting in various screen issues.
- Lawson will no longer get/process passwords. Authentication will be done BEFORE gh0
- Ease of setting-up two-factor authentication for added security.
- If you decide to host some applications with Infor (e.g. CloudSuite Financials) and keep some on-premise (e.g. Global Human Resource), you can use the same users and authentication to login to both.
- What are the Infor Lawson applications that utilize ADFS?
- LSF, Landmark, Ming.le all use ADFS, with the exception of LBI and MSCM (both of their authentication pass through LSF).
Infor highly recommends partnering with an Infor Certified Partner while executing the transition.
There are multiple configurations possible while making the switch to AD FS. Allow our experts to recommend which configuration would work best for your organization!
For more information about how ClearSky can help you succeed with this project, or any of your Infor Lawson projects, give us a call at 612.746.4070 or email firstname.lastname@example.org.