On March 1, 2019, Infor will no longer support LS/STS authentication configuration for Lawson applications. The Infor recommended configuration will be to use Active Directory Federation Services (ADFS) for Single Sign-On (SSO) authentication. To learn more about ADFS, check out our other articles on the topic:
- Other Authentication Options for Infor Lawson Applications
- Seven Myths About Implementing ADFS For Infor Lawson
Five Things to Know About Implementing ADFS
Here are some pro tips to help you prepare for your ADFS implementation.
- Version compatibility is important
Before you begin your ADFS implementation, it is important that you verify component compatibility. Check the Lawson compatibility matrix for which version of ADFS is compatible with your versions of Lawson and Ming.le. You must also verify that the version of ADFS you are installing is compatible with your version of Active Directory. Additionally, you will need a minimum Windows Server version of 2012R2 on the server that is hosting ADFS and your domain controllers.
- You might need a new server(s)
The ADFS installation for Infor Lawson applications also requires Infor Federation Services (IFS) to be installed on the same server. If you are not prepared to host IFS on a shared ADFS server, you will need to stand up a new Windows server dedicated to ADFS/IFS for Infor applications.
- There will be small changes in user maintenance
ADFS is an authentication method, and user maintenance will change slightly. For instance, you will be able to disable users right in ADFS rather than having to do it in Lawson Security. Also, there will be a new identity to maintain in Lawson Security. When you implement ADFS, you will need to import all your users into IFS. However, implementing ADFS will not change the user authorization tools. You will still use Lawson Security Administrator (LSA) or Infor Security Services (ISS) to maintain users and roles, and those roles will work the same.
- SSL is required for Infor Lawson applications
All of your Lawson web applications must use HTTPS to be able to implement ADFS. If your web applications are not currently using HTTPS, it is recommended that you make this change prior to implementing ADFS. You will need to choose a certificate authority (CA) and install certificates at each endpoint.
- You need a SQL Server to host IFS databases
IFS will create new SQL Server databases, so you will need to have a SQL Server to host those. You can use a shared database server for this, such as your server that hosts Ming.le data or the server that hosts your Lawson data.
Have more questions? Contact us and setup a free, no obligation call with our installer to answer all your questions.