SSO Services, Agents and Identities

What Are SSO Services, Agents and Identities?

You can think of an SSO service as a set of attributes that defines how users of a particular Infor Lawson component will be identified to the Single Sign-on engine. All Infor Lawson components for which user access should be tracked, such as Lawson Portal or self-service applications that deal with sensitive data, must have a service.

An agent is a special kind of service used only with Infor Lawson self-service applications. Agents make use of the additional level of security (Company name) that self-service applications provide.

An identity is a user's electronic passport to the service or agent. All users who need access to the Infor Lawson component defined by a particular service or agent must have an identity on the service.

At a minimum, all Infor Lawson installations must have the following services:

  • OS / Environment service: Users who need command line access and who run batch jobs must have identities on this service. All users must be linked to an identity on this service.

  • SSOP service: All Infor Lawson users must have a unique identity on this service. This is service that users authenticate against when they log in.

Depending on the products you license and how you choose to use them, you might also need:

  • DB service: If you want to make use of some special RDBMS authentication features that Infor Lawson System Foundation supports, you might have to create a database service. For more information, see the section "Database User Authentication Overview".

  • Self-service application agents: Self-service applications that make use of MyDataSecurity fields must have agents.

When to Create Services or Agents

For products and components that require services or agents and identities, setup must be performed before users begin working with the Infor Lawson product or component.

The OS/Environment and SSOP services are created at installation time by your Infor Lawson installer.

The DB service might also be created at installation time. Depending on your needs, you or your Infor Lawson installer, might also create it at a later time. If you use products, such as self-service applications, that require agents or services, your Infor Lawson installer might set them up for you, but you might also do it yourself.

Not all Infor Lawson products require their own services or agents. For those that do, your Infor Lawson documentation will tell you that service/agent/identity setup is required and will provide instructions. Setup instructions are either in this document or in the individual product installation or setup guide. (Exceptions are the OS/Environment and SSOP services, which are installed by default when Infor Lawson is installed. This document does contain instructions for changing the OS/Environment and SSOP services.)