Configuring the Security Policy for IFS Authentication and Automatic Enrolment

There are some features in Security Console to enable you to configure the integration with Infor Federation Services (IFS).

Prerequisites

The SunSystems Application Server must be enabled for Secure Sockets Layer (SSL) connections. See the SunSystems Installation Guide for more information.

For integrations with IFS, ensure Infor Xi has been installed and is working correctly. Refer to the Infor Xi Platform Installation Guide and Infor Xi Platform Administration Guide for more information.

Security Policy

The Security Policy form allows you to configure Security Console for SunSystems login using the Windows authentication, Standard Authentication and IFS authentication for SunSystems Web. To access this form, in User Manager select Settings > Security Policy.

Automatic Enrolment

The Enable Automatic Enrolment option allows users to log in to SunSystems using their Windows log in ID, without you having to manually create their user ID. If you check the Enable Automatic Enrolment check box when Operator Code Generation is not switched on, when you apply the change you are prompted to set up the operator code generation details in the User Creation Settings form.

The prerequisites for automatic enrolment to work are as follows:

  • You must use Active Directory facilities to define the groups you need in SunSystems as Windows domain groups.
  • Operator Code Generation must be switched on in User Creation Settings.
  • There must be at least one group-to-group mapping defined in User Creation Settings.

When these prerequisites are configured correctly, and a new user launches SunSystems, assuming their Windows login is a member of a mapped group, their user ID will be automatically created in SunSystems Security so that the application can continue loading without the need to enter an additional user name and password. If their ID is not a member of a mapped Windows domain group, the user is not created and they are prompted to enter a SunSystems user and password.

Similarly, if the user already exists in SunSystems Security but a change in Windows domain group assignment is detected when they log in, the user is either changed to the new SunSystems operator group, or denied access, depending on the new Windows domain group detected.

Uwaga: If a user is deleted from Active Directory, you should manually delete the corresponding user in Security Console.