The Great Cloud Recalculation

In today’s digital landscape, enterprise systems are indispensable for businesses to stay competitive. But as cloud infrastructure becomes increasingly vital, companies are rethinking their approach to cost management. As Craig Powers highlights in ERP Today, organizations are moving beyond traditional cost-cutting tactics to adopt more strategic “cost takeout” strategies—focused on improving efficiency and reducing waste without sacrificing performance.

Cost takeout involves right-sizing infrastructure, consolidating redundancies, and streamlining operations. Many companies have found that migrating to a new cloud provider, like Oracle Cloud Infrastructure (OCI), offers an opportunity for significant cost reductions. By analyzing their financial structure and leveraging cloud capabilities, companies can unlock savings while setting the stage for future business transformation—especially in areas like data and AI (artificial intelligence). For instance, a global education services company reduced monthly infrastructure costs by 30% and improved scalability, while a retail optimization provider cut labor costs by 40% after moving to OCI. While the potential benefits of cloud migration are clear, the process requires careful planning. Cost takeout isn’t just about finding a cheaper provider, Powers states, it’s about ensuring that the migration process itself is cost-effective. Companies should conduct proof-of-concept trials, analyze total cost of ownership (TCO), and collaborate across IT, finance, and business teams to maximize savings.

Powers concludes for ERP (enterprise resource planning) leaders, this means taking a closer look at your current infrastructure and considering migration to more cost-efficient solutions. As Powers advises, reexamining the financial side of enterprise systems could free up resources for innovation and growth—while optimizing both performance and costs.

 

For Full Article, Click Here

The ERP Acceleration Paradox: 5 Strategies to Beat the 75% Failure Rate

High-profile enterprise resource planning (ERP) failures like Hershey’s $100 million Halloween disaster and Nike’s $400 million overhaul reveal a troubling truth: the rush to deliver “on time and on budget” often derails success. This Acceleration Paradox, according to tech writer Puneet Thakkar, shows that true speed isn’t about cutting corners—it’s about accelerating value realization through smarter strategy, disciplined execution, and a focus on measurable business outcomes. In his article for SSON, Thakkar dives into the troubling statistics behind ERP transformations—and offers five strategic playbooks to beat the odds. He points out the paradox: while companies push for faster, on-time, on-budget ERP roll-outs, the actual success rate is alarmingly low—somewhere between 55% and 75% of ERP projects fail to deliver what they set out to achieve. He argues that real “acceleration” isn’t about rush-launching software, but about speeding up meaningful business value.

The five strategies he recommends are:

  1. Anchor in value, not just technology. Don’t treat ERP as a software purchase. Treat it as a business transformation, with clear targets.

  2. Adopt a modular, agile-friendly architecture. Thakkar advocates composable ERP (“Lego-brick” style) and moving from a big-bang waterfall to a hybrid waterfall + agile delivery model for faster adjustments.

  3. Clean and prepare your data early; don’t leave it until last minute. Data quality isn’t just a tech task—it’s foundational. Prioritise migrating only critical “hot” data, and use AI/ML tools for cleansing.

  4. Embed automation from day one—even through testing and process mining. Use process-mining to reveal your current state, then automate your testing (via RPA) to avoid launch surprises.

  5. Engineer adoption, don’t just train. Training is not enough. Use digital adoption platforms for on-the-job guidance, and build a network of “super users” so the transformation is adopted socially and operationally.

Thakkar emphasizes that a successful ERP isn’t just a “system of record”—it must become an “engine of velocity.” When you align your roadmap to business value, design flexible architecture, clean your data, automate smartly, and prioritize people change, you shift from chasing launch metrics to achieving transformation outcomes.

For Full Article, Click Here

How to find users that report directly under a manager in XM

, ,

Follow the steps below to learn how to find users that report directly under a manager in XM

 

First, in Mingle, go to Infor XM

 

Next, select Admin >> Users

 

Then locate the manager you want to search for users under:

 

Search fore your manager by name, then pick a result:

Now that we have the manager we want, click Find at the bottom and on the right hand side you’ll see all the users that are under this manager.

And that’s all there is to it! Just repeat the steps to view all users under different managers.

APIX Achieves SOC 2 Type 2 Compliance: Strengthening Trust and Security for Our Customers

, ,

At Nogalis, security and trust have always been at the heart of everything we do. Today, we’re proud to announce that our APIX ERP Archive Solution is officially SOC 2 Type 2 compliant — a major milestone that reinforces our commitment to safeguarding your data.

After earning SOC 2 Type 1 compliance earlier this year — confirming the strength of our security design — we set our sights on the next milestone: SOC 2 Type 2. This certification demonstrates that our controls don’t just look strong on paper; they perform reliably in practice, ensuring your data remains protected with the highest standards of security and trust.

Developed by the AICPA, the SOC 2 framework is an independent standard for managing customer data based on five key trust principles: security, availability, processing integrity, confidentiality, and privacy. Meeting these standards confirms that our internal controls and processes align with the most rigorous data protection requirements.

Our SOC 2 Type 2 assessment was conducted by independent auditing firm Sensiba LLP, who worked closely with our team throughout the process. Their expertise, professionalism, and partnership were instrumental in helping us reach this milestone.

What this means for you:

  • Your archived ERP data is protected under industry-leading security practices.
  • Our systems are continuously monitored and improved for data integrity and availability.
  • We remain transparent and accountable in every step of our data handling.

We’re proud to share this achievement with our customers and partners, and we’ll continue to invest in security and compliance as part of our promise to deliver the safest, most reliable ERP archiving experience possible.

Thank you for trusting Nogalis and the APIX ERP Archive Solution with your data.

— The Nogalis Team

Simplifying SSO with Infor LTR as STS

, ,

In today’s enterprise environment, seamless and secure access across applications is critical. Organizations increasingly rely on Single Sign-On (SSO) to simplify user authentication and improve security posture. If you’re already leveraging Infor’s suite of products, you might be surprised to learn that Infor LTR (Lawson Technology Runtime)—commonly seen as middleware—can act as a powerful SSO tool, much like Infor OS.

At Nogalis, we’ve helped numerous organizations harness Infor LTR as a Security Token Service (STS), enabling robust, federated SSO integrations across Azure AD, AD FS, Okta, and other SAML 2.0-compliant identity providers. This article outlines how Infor LTR can simplify your authentication landscape while ensuring scalability and security.

What Is Infor LTR?

Infor LTR is the core runtime wrapper for Infor web applications and will be supported until at least 2029. While often viewed as an infrastructure component, it also functions as a flexible STS, enabling secure federated identity across your enterprise apps.

Why Use Infor LTR as Your STS?

  • Federated SSO across multiple Identity Providers (IdPs)
    Infor STS supports Azure AD, MS Entra, AD FS, Okta, and any SAML 2.0-compliant provider.
  • Centralized SAML Authentication
    You can configure all your applications to use Infor STS as the single point of SSO integration.
  • Long-Term Viability
    With support guaranteed into 2029, LTR is a stable investment in your identity infrastructure.

How It Works – The Big Picture

  1. Establish Trust between your application and identity provider using STS.
  2. Exchange Federation Metadata between STS and your IdP.
  3. Configure your applications to delegate authentication to Infor STS.
  4. SAML-based handshake manages identity, assertions, and access.

Installation & Setup

Step 1: Migrate LTR to STS Mode

Using the LTR ISO, mount and run (in a command utility):

setup.exe –v”MIGRATETOSTS=true”

Step 2: Access STS Admin

This is your hub for managing Identity Providers (IdPs) and Service Providers (SPs). You’ll:

  • Add/Edit IdP connections
  • Add/Edit SP connections
  • Download metadata files and certificates

Identity Provider Configuration

🔹 Azure AD

  • Create a Non-Gallery App in Azure
  • Upload the Infor STS SP Metadata file
  • Export the Azure AD IdP Metadata and import it into STSAdmin

🔹 AD FS

  • Add a new Claims-Aware Relying Party Trust
  • Import the Infor STS SP Metadata XML
  • Download FederationMetadata.xml from AD FS and import it into STS

🔹 Okta

  • Create a SAML App Integration in Okta
  • Manually configure Entity ID and endpoints (Okta doesn’t accept SP metadata files)
  • Download and import Okta’s IdP Metadata XML into STS

Application Configuration

In your Infor or third-party app:

  1. Set SSO Service URL to:

https://your-ltr-server.com:9553/inforsts/infor/{GUID}/idp/samlSSO

  1. Configure SAML properties:
    • UsernameField
    • PasswordField
    • SLOUrl
  2. Upload STS signing certificate as the IdP certificate in your app
  3. Export app’s signing cert, then import it into STS Admin

Final Checklist – What You’ve Done

✅ Downloaded IdP federation metadata
✅ Downloaded STS SAML SP metadata
✅ Uploaded metadata files to STS and your IdP
✅ Configured your app to use Infor STS as the SSO provider
✅ Completed mutual trust between your application, STS, and identity provider

Ready to Get Started?

At Nogalis, we specialize in Lawson and CloudSuite implementations, migrations, and custom development. Whether you’re looking to modernize your identity strategy or get more from your Infor investment, we’re here to help.

📧 Contact us at:
Desi Houze[email protected]
Tan Rezaei[email protected]

🔗 Learn more about our Lawson Data Archive Solution

 

Your ERP Is Under Attack: Are You Ready?

As companies accelerate their digital transformation and move Enterprise Resource Planning (ERP) systems to the cloud, the risks of cyberattacks have never been more pressing. In a conversation with cybersecurity experts, Robert Holland, Cloud Leader, WIS & ERP Today, discusses how the centralized role of ERP systems has made them a prime target for attackers. While cloud-based ERPs offer real-time data and streamlined decision-making, they also create new vulnerabilities. In this post, we explore how organizations can better secure their ERP systems in the face of evolving threats.

Experts like Mariano Nunez of Onapsis emphasize that modern ERP systems, especially those in the cloud, are exponentially more exposed than in the past. Recent campaigns against SAP systems have demonstrated that sophisticated threat actors, including nation-states and criminal groups, are capable of exploiting zero-day vulnerabilities, often before patches are available, making timely remediation challenging. Patching delays and the slow rollout process leave systems vulnerable for extended periods.

Security threats have also evolved through social engineering, AI-driven phishing, and increased attack surfaces due to cloud and AI technologies. Organizations must implement multi-layered defenses, adopting strategies like zero-trust models, defense-in-depth, and automation to prioritize and manage security patches effectively. Industry-specific challenges are prominent; for example, healthcare and energy sectors require strict access controls and a security-first mindset to protect sensitive data and ensure operational continuity.

Leadership support and organizational culture are critical. Many organizations struggle to secure executive buy-in, but experts suggest framing cybersecurity as integral to business risk management, especially during ERP modernization initiatives. Continuous innovation in security practices—such as automation and integrated security platforms—is vital to stay ahead of threats.

Looking ahead, Holland stresses that cybersecurity is an ongoing journey, not a one-time project. Organizations must foster preparedness, rapid incident response capabilities, and a culture of security awareness. With the increasing sophistication of attacks—exploiting outdated vulnerabilities, AI-driven social engineering, and cloud vulnerabilities—being proactive is essential. Leaders should adopt a holistic, layered security approach, understand shared responsibility models in cloud environments, and collaborate with specialized vendors like Onapsis to protect their most valuable applications.

In an age of advanced threats, businesses must be ready for potential breaches—whether big or small. Preparing for ERP attacks isn’t just about technology; it’s about fostering a security-conscious culture at every level.

 

For Full Article, Click Here

Grounded by IT: Lessons from the Alaska Airlines Outage

 

If it feels like déjà vu, you’re not alone. Just days after the AWS outage that took down parts of the internet early last week, airline giant Alaska Airlines had to ground all flights across its network due to a major IT failure. First the cloud, now the skies — it’s been a tough week for uptime. While Alaska Airlines quickly clarified that the issue wasn’t a cyberattack, it still highlights how fragile critical systems can be when even one piece of infrastructure goes down. A failure at the airline’s primary data center cascaded across multiple systems, halting flight operations and disrupting travelers nationwide.

For businesses that depend on enterprise resource planning (ERP) and other major information technology (IT) systems — whether that’s for logistics, finance, or customer service — this incident should feel very familiar. Because the truth is, it doesn’t take a massive airline to experience massive downtime.

So, what can companies learn from this?

  1. Don’t rely on “primary” anything. Alaska’s issue started with a single data center. Whether you’re hosting ERP on-premises or in the cloud, redundancy isn’t optional anymore. Active-active data centers or multi-region cloud setups can prevent a single point of failure from turning into a full stop.
  2. Test your disaster recovery plan — for real. Most organizations think they’re ready, but few have actually run a live failover test. Simulating a disaster once or twice a year is one of the best ways to uncover hidden dependencies and response gaps before they happen in production.
  3. Monitor like your business depends on it (because it does). Real-time monitoring and predictive alerts can detect issues before users do. It’s not just about catching downtime — it’s about catching weak signals that something’s about to fail.
  4. Communicate clearly when things go wrong. Even when your systems are down, your communication shouldn’t be. Customers and teams appreciate transparency, and that trust can make all the difference during a crisis.

The takeaway: prepare before you have to react.

Outages like these — whether from AWS, Alaska Airlines, or the next big headline — are reminders that resilience has to be built, not assumed. Every company relying on technology (which is basically every company) should be asking:

  • Do we know how long we can afford to be down?
  • When was our last DR test?
  • Who gets called first when systems go offline?

If those answers aren’t clear, now’s the time to get ahead of it.

At Nogalis, we help organizations strengthen their IT and ERP environments through proactive server maintenance, disaster recovery planning, and 24/7 managed support. Because downtime doesn’t just cost money — it costs trust, momentum, and peace of mind. The next major outage will likely follow AWS and Alaska Airlines and make headlines. Let’s make sure it’s not yours. Contact us today for a free quote.

Export service and identity information using ‘ssoconfig -c’

, ,

A. To export a service, for example, the SSOP without identities:

From the command prompt, type ssoconfig -c  and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 6 for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 2 for (2) No.
At the prompt “Enter the services name separated by comma to be exported” type SSOP and press Enter.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type NONE and press Enter.
Enter a filename for the export file, such as ssop.xml.
Type 12 or 13 to exit the menu
Locate the file in your current working directory.

 

B. To export ALL services without identities:

Type ssoconfig -c  and press Enter .
Enter your password for ssoconfig.
Type 5  for option (5) Manage Lawson Services.
Type 6  for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 1  for (1) Yes.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type NONE  and press Enter .
Enter a filename for the export file, such as AllServices.xml
Type 12 for option 12 (Exit).
Locate the file in your current working directory.

 

C. To export ALL services and ALL identities:

From the command prompt, type ssoconfig -c  and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 6 for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 1 for (1) Yes.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type ALL and press Enter.
Enter a filename for the export file, such as servicesIdent.xml.
The next message will be “Choose format that Lawson Software should export credential information as.”
(1) Encrypted
(2) Opaque
(3) Back
(4) Exit
Type for (Opaque).
Type 12 or 13 to exit the menu
Locate the file in your current working directory.

 

D. To export the SSOP service with identities:

From the command prompt, type ssoconfig -c  and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 6 for option (6) Export service and identity info.
At the prompt “Do you want to export all services?” type 2 for (2) No.
At the prompt “Enter the services name separated by comma to be exported” type SSOP and press Enter.
At the prompt “Do you want to export the identities (“ALL” or “NONE”).” type ALL and press Enter.
Enter a filename for the export file, such as ssopIdent.xml.
The next message will be “Choose format that Lawson Software should export credential information as.”
(1) Encrypted
(2) Opaque
(3) Back
(4) Exit
Type 2 for (Opaque).
Type 12 or 13 to exit the menu

 

E. To list service properties for SSOP:

From the command prompt, type ssoconfig -c   and press Enter.
Enter your password for ssoconfig.
Type 5 for option (5) Manage Lawson Services.
Type 10 for option (10) Manage Service Properties.
Type 3 for option (3) View/List Service Property.
At the prompt for “Enter the SERVICE NAME:” type SSOP and press Enter.
Attach a screenshot of the output.
Type for option 5 (Exit).

 

When the Cloud Goes Down: What the AWS Outage Taught Us

 

Earlier this week, Amazon Web Services (AWS) had a rough day — and so did just about everyone who depends on it. A glitch in one of AWS’s internal systems caused major slowdowns and outages across its biggest region, US-EAST-1, taking down parts of the internet for hours.

Apps like Slack, Venmo, Reddit, and Snapchat all went offline, and many businesses quickly realized just how much they rely on the cloud for everyday operations.

How It Hit Businesses

If your company runs ERP systems, data storage, or integrations in AWS, you probably felt the impact firsthand. When AWS stumbles, it’s not just your website that takes a hit — it’s the entire ecosystem behind it.

I spoke with one client who couldn’t process orders for half a day because their ERP database was hosted in the affected region. Others saw payroll, HR, and reporting tools grind to a halt because they couldn’t reach AWS services. Even businesses with on-premise systems ran into trouble when their AWS-based integrations went dark.

The big takeaway? Cloud outages don’t just cause downtime — they can pause your business if you’re not prepared.

The Real Issue: Access, Not Just Security

We talk a lot about data security and integrity, but this outage was a reminder that availability is just as important. You can have the best security setup in the world, but if your data’s unreachable, you’re still stuck.

Companies with multi-region backups or offline copies of key data were able to keep running. Those who didn’t? They were waiting on AWS to come back online before they could even log in.

How to Be Ready Next Time

Here’s what I tell my clients to think about after an outage like this:

  1. Spread things out. Don’t rely on one AWS region. If you instance allows it , then consider using multi-region replication or even a second cloud for key systems.
  2. Keep backups close. Store critical data somewhere else — or keep encrypted local copies you can access in a pinch.
  3. Have a plan. Make sure your team knows what to do (and who to call) if the cloud goes dark. Test it once or twice a year.
  4. Monitor independently. Use external monitoring tools so you know what’s happening even if AWS’s own systems are struggling.
  5. Know your connections. Map out which apps and vendors rely on AWS. It’s often more than you think.

 

The Bottom Line

This AWS outage wasn’t the end of the world — but it was a good wake-up call. The cloud is amazing, but it’s not bulletproof. Resilience doesn’t happen by accident; it’s something you build intentionally.

If your business runs on AWS or relies on cloud-based ERP systems, take this as a sign to review your setup. A few smart tweaks today can save you a whole lot of downtime (and stress) later.

 

Need a hand?

This is exactly the kind of thing Nogalis helps clients with. Through our Consulting and Managed Services, we help businesses strengthen their IT infrastructure, handle server maintenance, and keep you online with around-the-clock support.

If you’d like to talk about how to make your systems a bit more resilient — and a lot more reliable — let’s chat.