Description
Work Around
Proposed Solution
Here is the link to the ER - https://ers.infor.com/Ers/SoHoXi/Request/XiDetails.aspx?ced=true&erID=63948&AER=false&tbv=1
Hi Michele,I'ma bit confused about this request, should this not be part of your AD (Active Directory = Microsoft) setup instead of a request to Infor to resolve?
Hi Rene,
AD is not an option because 75% of our team use personal emails and these are not managed or supported thru AD. I am sure many other customers are the same situation as well. With this, it is very difficult to have one software to manage it all, therefore, we count on each software to offer a solution of its own. Currently all other software that we use offers notification upon login for password expiration. All we want this enhancement to do is to notify our team upon trying to login that their password has expired so that they will know to click on the forgot password to reset it. Again, I am sure there are a lot of other customers that believe this would assist their teams as well. I also believe it would cut down on employees accounts be locked and calls for assistance with their logins.
You may also be saying what about the email alerts and why would this not work. Due to security and trying our best to keep our team and company safe, we have stopped any email alerts about password changes because of phishing. I hate to say this but this is the world we live in today; therefore, we are doing everything we can to make sure we keep emails to a minimum especially about password changes and links to password changes but for the forgot password email this is different because the employee initiates it themselves and they know it is coming and what to look for.
I hope this helps and we can get your vote. Please share if you have additional questions. Hope you have a great day!!
Ultimately, neither solution is correct. Infor should implement the open standard, WebAuthn (Guide to Web Authentication (webauthn.guide)) (otherwise known as FIDO2) to enable password-less authentication that eliminates the issue entirely. WebAuthn was developed by the W3C and leading technology vendors (Microsoft, Google, Apple, etc...) to solve password phishing and other issues around authentication for web-based applications and services.
I am not attempting to hijack this post, but I am an Infor CSI Multi-Tenant Cloud customer and we do not currently have AD integration set up. I would be interested in doing this if I could pick and choose the users who should authenticate through AD. Is this possible? Also, does anyone have any documentation they would share on how to set this up?
I believe you can do this, although it would be the reverse unless it has changed since we did this. Your users would need to choose how to authenticate at startup of the application. You can also control who can log in with just email if you would like to add in that layer. I'll search for some documentation and get that to you.
Found the documentation!
The documentation above does not include how to set up AD authentication...that's a bit more involved and would require more in-depth discovery. Just wanted to let you know that what you were asking could be done.