How to find users that report directly under a manager in XM

, ,

Follow the steps below to learn how to find users that report directly under a manager in XM

 

First, in Mingle, go to Infor XM

 

Next, select Admin >> Users

 

Then locate the manager you want to search for users under:

 

Search fore your manager by name, then pick a result:

Now that we have the manager we want, click Find at the bottom and on the right hand side you’ll see all the users that are under this manager.

And that’s all there is to it! Just repeat the steps to view all users under different managers.

APIX Achieves SOC 2 Type 2 Compliance: Strengthening Trust and Security for Our Customers

, ,

At Nogalis, security and trust have always been at the heart of everything we do. Today, we’re proud to announce that our APIX ERP Archive Solution is officially SOC 2 Type 2 compliant — a major milestone that reinforces our commitment to safeguarding your data.

After earning SOC 2 Type 1 compliance earlier this year — confirming the strength of our security design — we set our sights on the next milestone: SOC 2 Type 2. This certification demonstrates that our controls don’t just look strong on paper; they perform reliably in practice, ensuring your data remains protected with the highest standards of security and trust.

Developed by the AICPA, the SOC 2 framework is an independent standard for managing customer data based on five key trust principles: security, availability, processing integrity, confidentiality, and privacy. Meeting these standards confirms that our internal controls and processes align with the most rigorous data protection requirements.

Our SOC 2 Type 2 assessment was conducted by independent auditing firm Sensiba LLP, who worked closely with our team throughout the process. Their expertise, professionalism, and partnership were instrumental in helping us reach this milestone.

What this means for you:

  • Your archived ERP data is protected under industry-leading security practices.
  • Our systems are continuously monitored and improved for data integrity and availability.
  • We remain transparent and accountable in every step of our data handling.

We’re proud to share this achievement with our customers and partners, and we’ll continue to invest in security and compliance as part of our promise to deliver the safest, most reliable ERP archiving experience possible.

Thank you for trusting Nogalis and the APIX ERP Archive Solution with your data.

— The Nogalis Team

Simplifying SSO with Infor LTR as STS

, ,

In today’s enterprise environment, seamless and secure access across applications is critical. Organizations increasingly rely on Single Sign-On (SSO) to simplify user authentication and improve security posture. If you’re already leveraging Infor’s suite of products, you might be surprised to learn that Infor LTR (Lawson Technology Runtime)—commonly seen as middleware—can act as a powerful SSO tool, much like Infor OS.

At Nogalis, we’ve helped numerous organizations harness Infor LTR as a Security Token Service (STS), enabling robust, federated SSO integrations across Azure AD, AD FS, Okta, and other SAML 2.0-compliant identity providers. This article outlines how Infor LTR can simplify your authentication landscape while ensuring scalability and security.

What Is Infor LTR?

Infor LTR is the core runtime wrapper for Infor web applications and will be supported until at least 2029. While often viewed as an infrastructure component, it also functions as a flexible STS, enabling secure federated identity across your enterprise apps.

Why Use Infor LTR as Your STS?

  • Federated SSO across multiple Identity Providers (IdPs)
    Infor STS supports Azure AD, MS Entra, AD FS, Okta, and any SAML 2.0-compliant provider.
  • Centralized SAML Authentication
    You can configure all your applications to use Infor STS as the single point of SSO integration.
  • Long-Term Viability
    With support guaranteed into 2029, LTR is a stable investment in your identity infrastructure.

How It Works – The Big Picture

  1. Establish Trust between your application and identity provider using STS.
  2. Exchange Federation Metadata between STS and your IdP.
  3. Configure your applications to delegate authentication to Infor STS.
  4. SAML-based handshake manages identity, assertions, and access.

Installation & Setup

Step 1: Migrate LTR to STS Mode

Using the LTR ISO, mount and run (in a command utility):

setup.exe –v”MIGRATETOSTS=true”

Step 2: Access STS Admin

This is your hub for managing Identity Providers (IdPs) and Service Providers (SPs). You’ll:

  • Add/Edit IdP connections
  • Add/Edit SP connections
  • Download metadata files and certificates

Identity Provider Configuration

🔹 Azure AD

  • Create a Non-Gallery App in Azure
  • Upload the Infor STS SP Metadata file
  • Export the Azure AD IdP Metadata and import it into STSAdmin

🔹 AD FS

  • Add a new Claims-Aware Relying Party Trust
  • Import the Infor STS SP Metadata XML
  • Download FederationMetadata.xml from AD FS and import it into STS

🔹 Okta

  • Create a SAML App Integration in Okta
  • Manually configure Entity ID and endpoints (Okta doesn’t accept SP metadata files)
  • Download and import Okta’s IdP Metadata XML into STS

Application Configuration

In your Infor or third-party app:

  1. Set SSO Service URL to:

https://your-ltr-server.com:9553/inforsts/infor/{GUID}/idp/samlSSO

  1. Configure SAML properties:
    • UsernameField
    • PasswordField
    • SLOUrl
  2. Upload STS signing certificate as the IdP certificate in your app
  3. Export app’s signing cert, then import it into STS Admin

Final Checklist – What You’ve Done

✅ Downloaded IdP federation metadata
✅ Downloaded STS SAML SP metadata
✅ Uploaded metadata files to STS and your IdP
✅ Configured your app to use Infor STS as the SSO provider
✅ Completed mutual trust between your application, STS, and identity provider

Ready to Get Started?

At Nogalis, we specialize in Lawson and CloudSuite implementations, migrations, and custom development. Whether you’re looking to modernize your identity strategy or get more from your Infor investment, we’re here to help.

📧 Contact us at:
Desi Houze – desi@nogalis.com
Tan Rezaei – tan@nogalis.com

🔗 Learn more about our Lawson Data Archive Solution

 

Your ERP Is Under Attack: Are You Ready?

As companies accelerate their digital transformation and move Enterprise Resource Planning (ERP) systems to the cloud, the risks of cyberattacks have never been more pressing. In a conversation with cybersecurity experts, Robert Holland, Cloud Leader, WIS & ERP Today, discusses how the centralized role of ERP systems has made them a prime target for attackers. While cloud-based ERPs offer real-time data and streamlined decision-making, they also create new vulnerabilities. In this post, we explore how organizations can better secure their ERP systems in the face of evolving threats.

Experts like Mariano Nunez of Onapsis emphasize that modern ERP systems, especially those in the cloud, are exponentially more exposed than in the past. Recent campaigns against SAP systems have demonstrated that sophisticated threat actors, including nation-states and criminal groups, are capable of exploiting zero-day vulnerabilities, often before patches are available, making timely remediation challenging. Patching delays and the slow rollout process leave systems vulnerable for extended periods.

Security threats have also evolved through social engineering, AI-driven phishing, and increased attack surfaces due to cloud and AI technologies. Organizations must implement multi-layered defenses, adopting strategies like zero-trust models, defense-in-depth, and automation to prioritize and manage security patches effectively. Industry-specific challenges are prominent; for example, healthcare and energy sectors require strict access controls and a security-first mindset to protect sensitive data and ensure operational continuity.

Leadership support and organizational culture are critical. Many organizations struggle to secure executive buy-in, but experts suggest framing cybersecurity as integral to business risk management, especially during ERP modernization initiatives. Continuous innovation in security practices—such as automation and integrated security platforms—is vital to stay ahead of threats.

Looking ahead, Holland stresses that cybersecurity is an ongoing journey, not a one-time project. Organizations must foster preparedness, rapid incident response capabilities, and a culture of security awareness. With the increasing sophistication of attacks—exploiting outdated vulnerabilities, AI-driven social engineering, and cloud vulnerabilities—being proactive is essential. Leaders should adopt a holistic, layered security approach, understand shared responsibility models in cloud environments, and collaborate with specialized vendors like Onapsis to protect their most valuable applications.

In an age of advanced threats, businesses must be ready for potential breaches—whether big or small. Preparing for ERP attacks isn’t just about technology; it’s about fostering a security-conscious culture at every level.

 

For Full Article, Click Here

Export service and identity information using ‘ssoconfig -c’

, ,

A. To export a service, for example, the SSOP without identities:

From the command prompt, type ssoconfig -c  and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 6 for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 2 for (2) No.
At the prompt “Enter the services name separated by comma to be exported” type SSOP and press Enter.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type NONE and press Enter.
Enter a filename for the export file, such as ssop.xml.
Type 12 or 13 to exit the menu
Locate the file in your current working directory.

 

B. To export ALL services without identities:

Type ssoconfig -c  and press Enter .
Enter your password for ssoconfig.
Type 5  for option (5) Manage Lawson Services.
Type 6  for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 1  for (1) Yes.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type NONE  and press Enter .
Enter a filename for the export file, such as AllServices.xml
Type 12 for option 12 (Exit).
Locate the file in your current working directory.

 

C. To export ALL services and ALL identities:

From the command prompt, type ssoconfig -c  and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 6 for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 1 for (1) Yes.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type ALL and press Enter.
Enter a filename for the export file, such as servicesIdent.xml.
The next message will be “Choose format that Lawson Software should export credential information as.”
(1) Encrypted
(2) Opaque
(3) Back
(4) Exit
Type for (Opaque).
Type 12 or 13 to exit the menu
Locate the file in your current working directory.

 

D. To export the SSOP service with identities:

From the command prompt, type ssoconfig -c  and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 6 for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 2 for (2) No.
At the prompt “Enter the services name separated by comma to be exported” type SSOP and press Enter.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type ALL and press Enter.
Enter a filename for the export file, such as ssopIdent.xml.
The next message will be “Choose format that Lawson Software should export credential information as.”
(1) Encrypted
(2) Opaque
(3) Back
(4) Exit
Type 2 for (Opaque).
Type 12 or 13 to exit the menu

 

E. To list service properties for SSOP:

From the command prompt, type ssoconfig -c   and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 10 for option (10) Manage Service Properties.
Type 3 for option (3) View/List Service Property.
At the prompt for “Enter the SERVICE NAME:” type SSOP and press Enter.
Attach a screenshot of the output.
Type for option 5 (Exit).

 

When the Cloud Goes Down: What the AWS Outage Taught Us

Earlier this week, Amazon Web Services (AWS) had a rough day — and so did just about everyone who depends on it. A glitch in one of AWS’s internal systems caused major slowdowns and outages across its biggest region, US-EAST-1, taking down parts of the internet for hours.

Apps like Slack, Venmo, Reddit, and Snapchat all went offline, and many businesses quickly realized just how much they rely on the cloud for everyday operations.

How It Hit Businesses

If your company runs ERP systems, data storage, or integrations in AWS, you probably felt the impact firsthand. When AWS stumbles, it’s not just your website that takes a hit — it’s the entire ecosystem behind it.

I spoke with one client who couldn’t process orders for half a day because their ERP database was hosted in the affected region. Others saw payroll, HR, and reporting tools grind to a halt because they couldn’t reach AWS services. Even businesses with on-premise systems ran into trouble when their AWS-based integrations went dark.

The big takeaway? Cloud outages don’t just cause downtime — they can pause your business if you’re not prepared.

The Real Issue: Access, Not Just Security

We talk a lot about data security and integrity, but this outage was a reminder that availability is just as important. You can have the best security setup in the world, but if your data’s unreachable, you’re still stuck.

Companies with multi-region backups or offline copies of key data were able to keep running. Those who didn’t? They were waiting on AWS to come back online before they could even log in.

How to Be Ready Next Time

Here’s what I tell my clients to think about after an outage like this:

  1. Spread things out. Don’t rely on one AWS region. If you instance allows it , then consider using multi-region replication or even a second cloud for key systems.
  2. Keep backups close. Store critical data somewhere else — or keep encrypted local copies you can access in a pinch.
  3. Have a plan. Make sure your team knows what to do (and who to call) if the cloud goes dark. Test it once or twice a year.
  4. Monitor independently. Use external monitoring tools so you know what’s happening even if AWS’s own systems are struggling.
  5. Know your connections. Map out which apps and vendors rely on AWS. It’s often more than you think.

 

The Bottom Line

This AWS outage wasn’t the end of the world — but it was a good wake-up call. The cloud is amazing, but it’s not bulletproof. Resilience doesn’t happen by accident; it’s something you build intentionally.

If your business runs on AWS or relies on cloud-based ERP systems, take this as a sign to review your setup. A few smart tweaks today can save you a whole lot of downtime (and stress) later.

 

Need a hand?

This is exactly the kind of thing Nogalis helps clients with. Through our Consulting and Managed Services, we help businesses strengthen their IT infrastructure, handle server maintenance, and keep you online with around-the-clock support.

If you’d like to talk about how to make your systems a bit more resilient — and a lot more reliable — let’s chat.

Lawson PR140 is Currently Running – How to Resolve

, ,

Sometimes  you will get this notice: PR140 is Currently Running (Invalid Parameters) may occur even when no PR140 job is waiting for recovery.

 

To fix this issue, look in the LSF database and check for a run flag below.

 

Check PRSYSTEM field PR140_RUN_FLG is R (blank it out or find out why the record is bad).

Also check PRMONITOR (LP00.1) to see if a run flag is flipped there as well. Fix if needed.

 

Then re-run PR132 and PR140 again.

Above is an example of a R (run flag), clear this field and re-run PR132 and PR140. This should resolve everything.

ERP Integration Strategies for a Scalable Finance Infrastructure

Today’s finance teams do a lot more than close the books—they help steer company growth and make quick, data-driven decisions. But that’s tough to do if your systems don’t work together. As a recent article on Fintech Weekly explains, the key to keeping finance agile and scalable is ERP (enterprise resource planning) integration. When your ERP runs separately from payroll, procurement, or accounts payable tools, things get messy. Data gets duplicated, reports don’t match up, and month-end closes drag on. Integrating these systems creates a real-time flow of information, giving finance teams one reliable source of truth.

Why it matters:
Connected systems mean fewer errors, faster reconciliations, and better visibility into cash flow. For example, integrating accounts payable with ERP lets invoices and payments sync automatically—no more manual entry or chasing approvals. CFOs can instantly see how spending affects liquidity.

How to make it work:
Fintech Weekly suggests starting small and building gradually:

  • Clean your data first so everything aligns once systems connect.
  • Use APIs for easier, future-proof integration.
  • Roll out in phases—begin with high-impact areas like invoicing.
  • Enable real-time syncing so your numbers are always current.

In the end, ERP integration does more than automate finance—it turns it into a strategic powerhouse. Teams spend less time fixing errors and more time planning growth.

 

For Full Article, Click Here

The Future of ERP: How Small and Mid-Sized Businesses Can Compete with Giants Using Smart Software

Small and mid-sized businesses (SMBs) face an uphill battle competing with global corporations that have vast resources and advanced technology. In an article from The AI Journal, technology journalist and content specialist Erika Balla explains how smart enterprise resource planning (ERP) systems are helping SMBs close that gap by turning complex, enterprise-grade tools into accessible growth platforms. Modern ERP software like SAP Business One gives smaller companies a unified view of sales, inventory, and finance—all in real time. Instead of relying on scattered spreadsheets, leaders gain clear insights to make faster, data-driven decisions. A study by Aberdeen Group found ERP users report 22% better order accuracy and 17% lower operating costs, results that can transform smaller firms’ efficiency and competitiveness. Balla also notes that Smart ERP automates tasks like invoicing and reporting, integrates departments across finance, supply chain, and customer service, and scales easily as the business grows. Looking ahead, Balla says that cloud deployment, artificial intelligence, and mobile access are making ERP even more flexible and affordable. Cloud platforms eliminate high infrastructure costs, AI enhances forecasting and risk detection, and mobile tools keep teams connected anywhere. Balla concludes that ERP is no longer a back-office luxury—it’s a strategic equalizer. For SMBs, adopting smart ERP early means operating smarter, responding faster, and competing confidently with industry giants.

 

For Full Article, Click Here