Service Provider Configuration

The Service Provider page is used to configure and manage third-party applications integrated with External Entities for authentication. From this page, administrators can add, edit, or delete service providers.

These federation protocols are supported:

  • SAML 2.0
  • WS-Federation
  • OpenID Connect (OIDC)

In all integrations:

  • The third-party application acts as the service provider (SP).
  • The External Entities Federation Hub acts as the identity provider (IdP).
  • Applications must support both single sign-on (SSO) and single logout (SLO).

Managing identity provider certificates

Tenant administrators can select the Identity Provider (STS signing) certificate to support certificate rotation.

  1. In the Infor OS Portal, select the OS application and click the External Entities tile.
  2. Click the Details tab.
  3. From the Identity Provider Certificate list, select a certificate.

Single logout (SLO) requirements

Third-party applications must support IdP-initiated single logout.

  • The Federation Hub sends logout requests to all applications in the user session.
  • SAML applications must return a signed logout response with a success status.
  • OIDC applications support front-channel logout only.
  • Web-based applications must implement SLO.
  • Applications must fail gracefully if the user session has already expired.
  • Logout processing must be completed within 500 milliseconds.
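
The following is an added example, not Infor code: a sketch of how an OIDC application could handle an IdP-initiated front-channel logout request so that it is idempotent when the session has already expired and is checked against the 500 ms limit. It assumes the request carries the `iss` and `sid` query parameters defined by the OpenID Connect Front-Channel Logout specification; the issuer URL, `SessionStore`, and `handle_front_channel_logout` are hypothetical names.

```python
import time
from urllib.parse import urlsplit, parse_qs

# Constructed placeholder issuer; replace with the IdP issuer configured for the tenant.
EXPECTED_ISSUER = "https://idp.example.test/tenant"
LOGOUT_BUDGET_SECONDS = 0.5  # the 500 ms processing limit stated above


class SessionStore:
    """In-memory stand-in for the application's session store, keyed by OIDC sid."""

    def __init__(self):
        self._by_sid = {}

    def create(self, sid, user):
        self._by_sid[sid] = user

    def terminate(self, sid):
        # pop() with a default makes logout idempotent: an expired or
        # already-removed session is not treated as an error.
        return self._by_sid.pop(sid, None) is not None

    def active(self, sid):
        return sid in self._by_sid


def handle_front_channel_logout(url, store):
    """Process a GET to the front-channel logout URI.

    Returns (http_status, response_headers, outcome).
    """
    started = time.monotonic()
    headers = {"Cache-Control": "no-store"}  # logout responses must not be cached
    params = parse_qs(urlsplit(url).query)
    iss = params.get("iss", [])
    sid = params.get("sid", [])
    # Require exactly one value each so duplicated parameters cannot be ambiguous.
    if len(iss) != 1 or len(sid) != 1:
        return 400, headers, "missing_or_duplicate_parameter"
    # Only the configured identity provider may end sessions.
    if iss[0] != EXPECTED_ISSUER:
        return 400, headers, "unexpected_issuer"
    outcome = "terminated" if store.terminate(sid[0]) else "already_expired"
    if time.monotonic() - started > LOGOUT_BUDGET_SECONDS:
        outcome += "_over_budget"  # surface slow logouts to monitoring
    return 200, headers, outcome
```

Because the identity provider loads this URI in a hidden frame, the response for an already-expired session is the same 200 as for a live one; only the logged outcome differs.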