You must prepare the application before deploying the global package.
All the dependent packages must be deployed on the target tenant before proceeding with the global package deployment.
Global package parameters
Certain resources that can be imported into a target tenant require additional information during a package deployment. These additional resource parameters must be set during the import.
These Security resource configurations are tenant-specific and require parameter input during the package deployment:
- SAML service provider
- WS-FED service provider
- OIDC service provider
- Federated Security
- WS-Trust
- Okta Active Mode
- Azure AD Active Mode
- DUO MFA provider
- RSA MFA provider
SAML service provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Display Name | The user-friendly name given to the service provider. | Yes |
| Entity ID | The entity ID is the unique identifier for the service provider in the SAML 2.0 protocol. | Yes |
| SSO Endpoint | The URL where the service provider receives the Single Sign On response from the federation hub as part of the SAML 2.0 protocol. | Yes |
| SLO Endpoint | The URL where the service provider receives the Single Log Out request from the federation hub as part of the SAML 2.0 protocol. | Yes |
| Primary Signing Certificate | The certificate used by the service provider to sign the Single Log Out response. Only sha-256 certificates are accepted. | Yes |
| Secondary Signing Certificate | The alternate certificate used by the service provider to sign the Single Log Out response. | No |
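
The signing certificate requirement above can be checked before the package is deployed. The following Python code is an added example, not part of the original documentation or of the product's tooling; it assumes that "sha-256 certificate" means an X.509 certificate whose signature algorithm is SHA-256 with RSA or ECDSA, and the sample inputs are constructed DER skeletons rather than real certificates.

```python
import base64
import re

# DER-encoded OIDs of signature algorithms that hash with SHA-256.
SHA256_SIG_OIDS = {
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
    bytes.fromhex("2a8648ce3d040302"): "ecdsa-with-SHA256",
}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_oid(cert):
    """Return the signatureAlgorithm OID bytes of a PEM or DER X.509 certificate."""
    m = PEM_RE.search(cert)
    der = base64.b64decode(m.group(1)) if m else cert
    try:
        tag, body, _ = read_tlv(der, 0)           # Certificate ::= SEQUENCE
        _, _, tbs_end = read_tlv(der, body)       # skip tbsCertificate
        _, alg, _ = read_tlv(der, tbs_end)        # signatureAlgorithm SEQUENCE
        oid_tag, start, end = read_tlv(der, alg)  # algorithm OBJECT IDENTIFIER
    except IndexError:
        raise ValueError("not a DER certificate") from None
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("unexpected certificate structure")
    return der[start:end]

def is_sha256_signed(cert):
    return signature_oid(cert) in SHA256_SIG_OIDS

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, enough for samples

def constructed_sample(oid_hex):
    """Constructed certificate skeleton (empty tbsCertificate), not a real certificate."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))

print(is_sha256_signed(constructed_sample("2a864886f70d01010b")))  # SHA-256 with RSA
print(is_sha256_signed(constructed_sample("2a864886f70d010105")))  # SHA-1 with RSA
```

To check a real certificate, pass the bytes of its PEM or DER file to `is_sha256_signed`. RSASSA-PSS certificates carry the hash in the algorithm parameters and are not recognised by this check.
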
WS-FED service provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Display Name | The user-friendly name given to the service provider. | Yes |
| Entity ID | The entity ID is the unique identifier for the service provider in the WS-Federation protocol. | Yes |
| SSO Endpoint | The URL where the federation hub issues the assertion, as a part of the WS-Federation protocol. | Yes |
Federated identity parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Display Name | Name displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page. | Yes |
| Display Icon | Icon displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page. | No |
| IDP Issuer | The issuer of entityId | Yes |
| Identity Provider Primary Certificate (Base64-encoded) | The encrypting certificate public key of the service provider. | Yes |
| Assertion Consumer Service Url | The endpoint of the assertion consumer service. | Yes |
| Single Logoff Service Url | The endpoint of the identity provider's single log off service. | Yes |
WS-Trust identity provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| STS Name | The Security Token Services name of the STS provider | Yes |
| Service Endpoint | The service endpoint of the STS provider | Yes |
Okta Active Mode identity provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Okta Domain URL | The host name for the Okta API | Yes |
| Valid Response Status | The only Okta API responses that IFS will accept. The recommended value is SUCCESS. If there are more accepted status values, these can be entered as comma-separated values. | Yes |
| Okta Profile Property | The attribute from the Okta response that must be validated against the IFS database. This field is validated against the IFS user lookup field property. The recommended value is the login. | Yes |
| Okta API Token | This is the API token generated in Okta. The Okta API token is required only if the Okta Profile Property is not set to the login. | No |
Azure AD Active Mode identity provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Azure AD Token Endpoint | The Azure AD token endpoint. | Yes |
| Client ID | The client ID generated from the identity provider | Yes |
| Client Secret | The client secret generated from the identity provider. | Yes |
| Lookup Value | This specifies which value from the IFS user definition is being used to identify the user. This field is validated against the Look Up Value property. | Yes |
OIDC identity provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Display Name | The user-friendly name given to the service provider | Yes |
| Display Icon | Icon displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page. | No |
| IDP Issuer | The issuer of entityId | Yes |
| Client ID | The client ID generated from the identity provider | Yes |
| Client Secret | The client secret generated from the identity provider. | Yes |
| Authorization Endpoint | The authorization endpoint of the OpenID provider, used by Infor OS to request a code as part of the OIDC flow. | Yes |
| Token Endpoint | The endpoint of the OpenID provider to obtain an ID token and access token | Yes |
| JWKS URI | The endpoint that retrieves the keys to validate the signature of the ID token. | Yes |
| User Info Endpoint | The endpoint called by Infor OS to retrieve the user profile information. | No |
| End Session Endpoint | The endpoint to be called for logging out the user from the identity provider | No |
Duo MFA provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| DUO Integration Key | The integration key from the DUO account | Yes |
| DUO Secret Key | The secret key from the DUO account | Yes |
| API Hostname | The API hostname for the DUO account | Yes |
RSA MFA provider parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| Client Key | The client key for the RSA MFA provider | Yes |
| Hostname | The hostname for the RSA MFA provider | Yes |