Infor Landmark Technology User Setup and Security Guide
Landmark for Administrators
Landmark Security Overview
Landmark Security Introduction
Application Security Architecture
Web Applications
Applications accessed through the web interface
Landmark Security Setup Overview
Using the Administrative Tools
Landmark Administration Tools
The Security Administration Utility (secadm)
Security Administration Utility Command Line
Getting Help from the secadm Utility
Using the Security Administration Menu
Submitting Scripts to the Security Administration Utility (secadm)
Authentication Configuration
Configuring Services for Authentication
Single Sign-On and Application Services Configuration
Services and Authentication
Adding and Modifying Services
To add a service to the system
To update a service
To delete a service
Database Service Configuration
What Are the Methods for Connecting to the Database?
What Is the Process for Configuring Database User Authentication?
Creating the Database Login Scheme and Service
Configuring Identities and Actors for the USE_USER_ID Method
Configuring Identities and Actors for the USE_PRIVILEGED_ID Method
Configuring the Data Area for the Database Access Method
***
To secure the Database Interface Configuration File on Windows
E-Mail Validation
What Is E-Mail Validation?
Setting Up E-Mail Validation
Configuring SSO Domains
What Are Single Sign-on Domains?
What Is the Process for Configuring SSO Domains?
Listing SSO Domains
Viewing SSO Domain Properties
Adding or Updating an SSO Domain
Listing Services Assigned to an SSO Domain
Viewing a Service's SSO Domain Assignment
Assigning Services to an SSO Domain
Deleting a Service's Assignment to an SSO Domain
Adding HTTP Endpoints and Assigning to SSO Domains
To add an HTTP endpoint and assign it to an SSO domain
To change the HTTP endpoint assigned to an SSO domain
Adding HTTP Endpoint Groups
Assigning HTTP Endpoints to HTTP Endpoint Groups
To assign endpoints to endpoint groups (command line)
To assign endpoints to endpoint groups (Infor Rich Client)
Assigning HTTP Endpoints to Services
To assign endpoints to services (command line)
To assign endpoints to services (Infor Rich Client)
Enabling Vulnerability Mitigation
To enable vulnerability mitigation
To test vulnerability mitigation
Security Policies
What Security Policies Can I Define?
Configuring Login Schemes
What Are Login Schemes?
What Are LDAPBind Login Schemes?
Adding or Updating Login Schemes
Creating an LDAPBind Login Scheme (Single Container)
Creating an LDAPBind Login Scheme (Multiple Containers)
Creating an LDAPBind Login Scheme (Multiple Domains)
Deleting Login Schemes
Viewing Login Scheme Information
Listing login schemes
Displaying login scheme properties
Configuring Account Lockout Policies
What Is an Account Lockout Policy?
Adding or Updating Account Lockout Policies
Adding a lockout policy
Updating a lockout policy
Deleting an Account Lockout Policy
Viewing Account Lockout Policy Information
Listing account lockout policies
Viewing the values assigned to a lockout policy
Configuring Password Policies
Password Policies
Adding or Updating a Password Policy
Adding a password policy
Updating a password policy
Viewing Password Policy Information
Listing all password policies
Displaying a password policy
Configuring Password Reset Policies
What Is a Password Reset Policy?
How Are Password Reset Policies and Questions Defined?
Initial System Setup for Password Reset Policies
Determine the Primary Authentication Service (PAS) for the internal domain
Create the service property for GenPwd
Create a do not reply email address
Ensure anonymous user access
Restart Landmark and the application server
Adding (or updating) a password reset policy
Deleting a Password Reset Policy
Viewing Password Reset Policy Information
Listing all password reset policies
Displaying a password reset policy
Viewing Password Reset Policy Details
Requiring Users to Reset Passwords
Requiring an individual user to reset a password
Requiring all users associated with a service to reset their passwords
Creating a custom email template for password reset
Fixing Passwords that have Encountered a PaddBlock Error
List bad passwords
Override bad passwords
Configuring Security Questions and Answers
Adding or Updating a Security Question
Adding a security question
Updating a security question
Example: Adding a New Security Question to SSOPV2
Deleting a Security Question
Viewing Security Question Information
Listing all security questions for a service
Displaying information for an individual security question
Adding or Updating Security Answers
Deleting Security Answers
Viewing Security Answer Information
Listing security answers
To display a security answer
Create endpoints and perform other configuration manually for on-premises installations
Customization Options for Login and Password Reset Pages
Adding your custom logo to the Infor Landmark login and password reset pages
Configuring a custom label for the user name field
Configuring a custom name for the password field
Configuring a custom message string for password retrieval
Configuring CAPTCHA for password reset pages
Displaying a link to redirect existing employees to Employee Self Service
Displaying a link to redirect existing users to Employee Self Service using secadm
Configuring Internet-Facing Applications
Configuring Multiple Endpoints for External and Internal Web Servers on Landmark
Prerequisite procedure: Create a new web server
Create an SSO Domain for External Users
Create an HTTPS Endpoint for the External Domain
Link the New Domain to the HTTPS Endpoint
Create an Endpoint Group
Link the new endpoint to existing services
Activating Internet-facing Application Rules for Landmark
Prepare the rule file for the Employee and Manager Application
Activating the new external domain and the rule file
Creating Configurable Login Pages
What Are Configurable Login Pages?
Creating the Zip File for a Configurable Login Page
Modifying and Adding Files for a Configurable Login Page
To modify existing files for a configurable login page
To add new files for a configurable login page
Updating lsservice.properties for configuring login pages
Activating a Configurable Login Page for Landmark
Troubleshooting Configurable Login Pages
User Administration
Landmark Application User Setup
User Setup Overview
What Is a Landmark User?
What Is the Anonymous User?
How Are Users Managed in a Federated System?
How Are Passwords Managed in a Federated System?
How Can I Create Landmark Users?
Importing Landmark Users
Importing Operating System Users Using the Security Administration (secadm) Utility
Example: Importing a Group of Users
Example: Importing One Identified User
Creating Users Through secadm
Creating an Actor Using the secadm Utility
Enabling or Disabling an Actor Using secadm
Deleting an Actor Using secadm
Adding or Updating an Identity
Removing an Identity
Listing Identities
Linking an Actor to an Agent
Assigning an Actor to an Identity
Using Scripts to Migrate Actors and Agents
To migrate system actors
To migrate system agents
Generating Scripts to Load Actor Information
To generate actor-role assignment scripts
To generate actor context scripts
Creating Users Through Lawson Rich Client Forms and Wizards
Adding Users through Infor Rich Client
Create a user with the Create User Wizard
Assign an employee agent to an actor
Assign a recruiter agent to an actor
Assign a candidate agent to an actor
Create Infor Process Automation users
Resetting User Passwords
Force a user to reset their password
Deleting Users
Deleting and purging actor records: Overview
Delete ActorContext records
Delete the identity/actor record
Delete the identity record
Delete the actor record
Purging an Actor record
Running the Pre-Sync Data Check Feature on the Landmark Server Using secadm
What the report checks
Running the report
Configurable Features for user setup and security
Enable Configurable Features
Disable Configurable Features
Update security roles for Configurable Features
Actor Context templates: Overview
Creating an Actor Context template
Linking a single Actor to an Actor Context template
Linking all Actors to an Actor Context template
Linking an Actor Group to an Actor Context Record
Linking a Role to an existing Actor Context record
Linking a Role Group to an Actor Context Record
Security Administration
Configuring User Access Using Landmark Security
Understanding Landmark Security
What Is the Landmark Authorization Model?
Pessimistic and Optimistic Security Approaches
Default Access Determination
What Are Actor Context Values?
What Are Roles, Rules, and Security Classes?
How Is Access Granted to Users, Actors, or Identities?
Managing User Access
Creating Roles
Assigning Roles to Actors
To assign a role to an actor through secadm
To assign a role to an actor through the Infor Rich Client
To remove roles from actors through secadm
Assigning Actor Context Values
Removing Actor Context Assignments
Adding and Updating Actor Context Properties
Deleting a Context Property
Assigning Security Classes to Roles
To assign security classes to roles through secadm
To assign security classes to roles through the Infor Rich Client
Removing Security Classes from Roles
To remove security classes from roles using secadm
Removing security classes from roles
Listing Defined Security Classes from a Command Prompt
Viewing Securable Object Information
To view securable object information
To view securable object conditions for an actor
To predict securable object access for an actor
Setting Up User Proxies
User proxies
Setting Up User Proxies as an Administrator
Setting up user proxies as an administrator
To set up user proxies as an administrator through secadm
Setting Up a User Proxy as a User
Viewing Proxies as a Grantee
Enabling Security
How Does the Security Run-time System Work?
How Is Authorization Enabled?
Enabling Run-time Authorization
To enable run-time authorization using secadm
Enabling run-time authorization
Configuring Session Management
Configuring Session Timeout for All Users
Configuring Session Timeout at the Domain Level
Configuring a User Session Timeout Warning
Configuring Auto-Logout of Inactive Users
Configuring auto-logout using security administration menus
Configuring from the command line using secadm
Configuring User Access to Environment Components
Controlling Access to the Security Administration utility (secadm)
Controlling User Access to the Security Administration utility
To set up a password requirement for the Security Administration utility
To restrict secadm users to a user group
Maintaining Password Properties for the Security Administration utility (secadm)
To change the secadm password
To enable e-mail password recovery
Authorizing Access to the GEN Product Line
What Are the GEN Security Classes?
GEN Security Classes
Framework classes
What Are the GEN Product Line Roles?
Assigning GEN Security Classes to Roles
Working with Permission BODs
Permission BODs: Overview
Enabling permission BODs
Run permission BODs initially
Creating a schedule for permission BODs to run automatically
Sending / Receiving Data Using PGP Encryption
Configuring Pretty Good Privacy (PGP): General information
Key management and encryption tasks
Services for key management and encryption tasks
Managing PGP key pairs
Generating a key pair
Uploading a PGP public key
Downloading a PGP key using a menu
Deleting a PGP key pair using a menu
Configuring an expiration date for PGP keys
Managing PGP Key Pairs using secadm
Accessing the secadm utility key management menu
Generating a key pair from secadm
Uploading a PGP key using secadm
Downloading a PGP key using secadm
Deleting a key pair using secadm
Encrypting and decrypting using secadm
Encrypting files in the PGP protocol using secadm
Decrypting files in the PGP protocol using secadm
Debugging a security session: Example
Security Reports
Security Reports
Security reports available from the Infor Landmark Administration Console
Running reports from the Administration Console
User Security
Securable Object Policy
Securable Object Access Details
Securable Object Prediction
Securable Object Conditions
Printing and scheduling options
Delete reports that are no longer needed
Role Security Classes By Actor
Role Security Classes Report (nf)
Service Identities By Actor Report
Proxy Assignments Report
Security Reports through secadm
secadm report - Security Administration: View Security Reports
Report Samples
Log Files and Debugging
Landmark security log files: General information
Viewing security logs online from the Security Session Debug list
Configuring a logger for troubleshooting
Debugging a security session: Example
Archiving a log file created through the ViewLog action
Security Class Customization and Import/Export Utilities
Creating Customized Security Classes
Security class customization: Knowledge prerequisites
Methods for creating customized rules
Accessing tools for creating customized security rules
Creating customized security rules through the security administration interface
Using the Condition Builder window
Creating customized security rules using Security Administration for the web: Overview
Using the web-based LPL editor
Deleting security rules
To delete all security rules for a securable object
To delete an individual security rule
Configuring SAML Claim Rules
Create security claim mapping
Create a rule that uses the SecurityClaim
Security Configuration Data Utilities
sccopy - Security Class Copy
scexport - Security Class Export
scimport - Security Class Import
scupdate - Security Class Update
cdexport - Configuration Data Export
cdimport - Configuration Data Import
Vulnerability Mitigation Configuration
Configuring for Vulnerability Mitigation
Vulnerability mitigation properties files
Configuring XSS (cross-site scripting) validation
Configuring session validation