Managing user permissions and security

You manage user permissions and security through the Security menu option in the Infor OS application.

This option is available to the user who has one of these security roles:

  • IFSApplicationAdmin
  • DataAdministrator
  • UserAdmin
  • Infor-SystemAdministrator
  • IFS-PasswordAdmin
  • IFS-ReadOnlyUser
  • Infor-SystemAdministrator
  • IFSAdminContact
  • IFSApplicationAdmin
  • IFS-AuditAdministrator
  • IFS-AuditReportUser
  • IFS-EEPasswordAdmin
  • IFS-ExternalEntityAdmin
  • IFS-MonitorAdministrator
  • IFS-MonitorReportUser
  • IFS-ShowUserManagementUI
  • IFS-GroupsAdmin
  • IFS-GroupsUpdate
  • IFS-GroupsReadOnlyUser

To access Security:

  1. Click the Application Menu.
  2. From Applications, select the Infor OS application.
  3. Select the Security tab.

The Security option provides the capability for Infor OS applications to manage users. The users for the Infor OS applications are first created within Security. The user information is then replicated across the different Infor OS applications.

The Security option has the concepts of users, security roles, distribution groups, accounting entities, and locations.

Security has these menu options:

  • Manage
  • Configure
  • Security Administration
  • Metadata
  • Auditing and Monitoring

This table shows the descriptions of each menu option:

Option Description
Manage > Users Used to view and manage users. These actions are available:
  • Adding users
  • Deleting users
  • Importing and exporting users
  • Assigning and unassigning these attributes:
    • Security roles
    • Accounting entities
    • Locations
    • Distribution groups
    • Custom properties
    • ERP Person IDs
    • Client access (access can be revoked)
    • Functional security roles
    • EAM Templates
    • HMS Templates
  • Resetting passwords
  • Viewing user activity
  • Exporting all users
  • Activating users (this option is displayed only when Create Users in Draft Status is enabled)
  • Searching users by using Simple or Advanced Search
Manage > Service Users Used to show all service users that are currently added to the Security system.
Manage > Client Access Used to view and manage clients that users have used to access Infor OS Portal. These actions are available:
  • Revoking client access
  • Searching for clients
Manage > Service Accounts Used to view and manage accounts that have been created to allow applications a resource owner grant to contact the Infor Authorization Service to obtain a token for use in making API requests.
Manage > SCIM Accounts Used to show the URLs for the System for Cross-domain Identity Management (SCIM) service and SCIM user identifiers.
Manage > ERP Person IDs Used to view and manage the ERP person IDs that have been added to your users.
Manage > Contacts Used to view and manage contacts. These actions are available:
  • Adding contacts
  • Deleting contacts
  • Assigning contacts to contact groups
Manage > Contact Groups Used to view and manage contact groups. These actions are available:
  • Adding contact groups
  • Importing and exporting contact groups
  • Deleting contact groups
  • Assigning contacts to contact groups
Manage > Groups Used to view and manage groups. These actions are available:
  • Adding groups
  • Importing and exporting groups
  • Deleting groups
  • Assigning users to groups
Manage > SCIM Groups Used to show details of a SCIM groups.
Manage > Soft Deleted Users Used to view soft deleted users. Admins can restore or hard delete those users.
Manage > Admin Long Running Actions Used to view the status and files of large import and export files for various IFS screens.
Configure > Master Data Types > Security Roles Used to view and configure security roles. These actions are available:
  • Adding security roles
  • Importing and exporting security roles
  • Deleting security roles
  • Assigning users to security roles
  • Assigning documents to security roles
  • Assigning SCIM groups to security roles
Configure > Master Data Types > Accounting Entities Used to view and configure accounting entities. For example, you can assign users to accounting entities.
Configure > Master Data Types > Locations Used to view and configure locations. For example, you can assign users to locations.
Configure > Master Data Types > LN user data defaults sets Used to populate several LN-specific user properties during registration and synchronization.
Configure > Master Data Types > Security access profiles Used to manage and override the general security privileges granted to every user.
Configure > Document Authorizations Used to view and configure document authorizations including assigning security roles to documents.
Configure > Logical ID Associations Used to associate connection point Logical IDs to the application Logical IDs.
Configure > Functional Security Role Used to view all of the function security roles in the system.
Configure > Authorization Claim Values Used to view, edit, and delete authorization claim values.
Configure > Security Role to Security Access Profile Mapping Used to map security roles to security access profiles.
Security Administration > Federated Security Used to view and configure federated security settings including federated single sign on (SSO) using SAML.
Security Administration > Service Provider Used to view and configure service provider settings if your tenant has been configured with service provider options.
Security Administration > Domain Security Used to view and configure an Allowed or Blocked domain list.
Security Administration > Authentication URL Options Used to view and configure the authentication mode. Lists URLs that you can use to access your system with different authentication methods.
Security Administration > ION-Person ID Used to view and configure the default setting for ION Person ID.
Security Administration > Session Configuration Time-out: Used to view and configure the default idle session time-out.

Concurrent Sessions: Used to configure the number of concurrent sessions allowed.
Security Administration > Settings > General Settings Used to view and configure other general settings:
  • Trusted Domains
  • Change Icon
  • Email Settings
  • System Use Notification Settings
  • Manage Features
    • Enable IFS Audit
    • Enable SCIM Service
  • Account Creation Status
    • Create Users In Draft Status
  • Application Specific Settings
    • Do not auto-generate User Alias while creating users
    • Do not auto-generate LN User while creating users
      Note: The check box is displayed only when the Infor LN application is provisioned.
Security Administration > Infor Cloud Identities Configuration: Used to view and configure users who can sign in using Infor Cloud Identities.

Password Management: Used to view and configure password strength and complexity requirements for Infor Cloud Identities.
Metadata > User Properties Used to view and configure options for user properties.
Auditing and Monitoring > Audit Event Search Used to search through the audit logs.
Auditing and Monitoring > Monitoring Search Used to search through the monitoring logs.
Auditing and Monitoring > Security Role Search Used to view the user-to-security role mapping report, security role mapping changes, and the values of the search criteria from the specified date and time range.
Auditing and Monitoring > Settings Used to view audit and monitoring report settings, user activity settings, and Data Lake.