User authentication
When accessing the Infor Smart Office server, the Grid authenticates the user with the configured Session Provider before forwarding the request to Infor Smart Office server.
By default, all users can log on to Infor Smart Office. To restrict access to certain users, you can use the Role Mapping feature in Grid to control which users are included in the ISO Users role. All users that are included in the ISO Users role are allowed access to Infor Smart Office. By default, all authenticated users belong to the ISO Users role.
For information on how to use the Role Mapping feature, see the administration guide for Grid.
When using Infor Smart Office, its components must authenticate against other applications, such as the M3 Business Engine, Lawson Enterprise Applications, or Infor Lawson BI. Infor Smart Office only handles one user ID and password. All applications used with Infor Smart Office must authenticate against the same user registry, or have some replication of user IDs and passwords between the different user registries.
The Infor Smart Office user will experience single sign on for all of the applications running in Infor Smart Office. The table shows lists the method used by each application.
| Application | Authentication method |
| Infor Smart Office server | Basic Authentication |
| M3 Business Engine | Application-specific protocol |
| IBrix in M3 Workplace | Application-specific protocol |
| Infor Document Management | Basic Authentication |
| Lawson Enterprise Applications | Lawson SSO |
| Infor Lawson BI |
When used with Infor Lawson System Foundation, uses Lawson SSO. Otherwise, uses application-specific protocol. |
| Infor Process Automation | Lawson SSO |
| Landmark | Lawson SSO |
Grid Session Provider
An active Grid Session Provider is required before you install Infor Smart Office.
For more information on how to configure and manage a session provider, see the documentation on Grid.
Lawson Single Sign on (SSO)
Lawson System Foundation uses the Lawson Single Sign on Service (Lawson SSO) to provide single sign-on capabilities for Lawson Enterprise Applications, Infor Process Automation, Infor Lawson BI, and Landmark applications. When LSF is part of the Infor Smart Office configuration, all of these applications authenticate to the LSF LDAP.
Most Lawson System Foundation customers bind their LSF LDAP to a central corporate LDAP. In this scenario, users must be identical in both LDAPs, but to simplify user maintenance, passwords can be maintained only in the corporate LDAP.
If you are a current Lawson System Foundation user installing Infor Smart Office, these LDAP options are available:
- If you do not have a corporate LDAP, you can enable the DSSO Session Provider to authenticate to the LSF LDAP. All Infor Smart Office users and passwords will be maintained in the LSF LDAP.
- You can configure the Grid Session Provider to authenticate to a corporate LDAP server which is bound to the LSF LDAP. You must maintain users in both LDAPs, but can manage passwords in only one LDAP.
- Have the Grid Session Provider and LSF authenticate to separate LDAP servers. This requires you to do user setup and maintenance in two places to ensure that all user names and passwords for Lawson Enterprise Applications, Infor Process Automation, LBI, and Infor Smart Office users are identical in both LDAPs.