Skip to content

User Authentication & Authorization

After a fresh installation, there are a few configurations that should be done before the application can be used properly.

Securing Administrator User

  • Create a separate admin user account with the FND_ADMIN permission set for high-privileged administration, such as a break-glass scenario.

  • Create separate user accounts to provide segregated admin functions. i.e., a separate user account with only enough privileges to provision new low-privileged IFS user accounts and another admin account for Integration related areas.

  • Limit the number of Security Administrator roles to a few people who are responsible for security.

  • Disable the IFS Administrator user account by rendering it inactive.

Securing User Accounts

  • Set your preferred Password setting for new users. To Change the settings, navigate to Solution Manager > Users and permissions > Users > User and press View User Creation Settings. Please refer to Users for more information. For password setting Email, it is necessary to configure the IAM SMTP Mail Servers.

  • Set a Password Policy to protect your user accounts by enforcing a strong password for users.

  • Many customers use External Identity Providers like Azure, Okta or Forgerock to maintain users and Athentication. For OpenIdConnect Supported External Identity Providers, IFS IAM can act as the Identity Broker. To configure external IDP support, please refere External Identity Provider.

## New Users

There are two options to create users in IFS Cloud. - Manual User Creation

IFS Users in IFS User registry in database can be created and managed by using the User page in Cloud Web. The user concept is described in [Users Overview](../../../../../030_administration/010_security/010_users/index.md).
  • User Provisioning through SCIM

    Users can be provisioned from another identity service like Azure AD based on SCIM protocol. For provisioning users with SCIM, please refer to SCIM - System for Cross-Domain Identity Management.

  • Categorize users and user groups by security role and restrict access based on those roles. Please refer to User Groups for more information.

## Configure Permission Sets

IFS Cloud User Authorization handles using Permission Sets.

  • Grant users access that allows only the level of information required to do their job.

  • Handle permissions through User Groups as a best practice.

Read more about domain Security.