Replies posted by a.hutchings

12 Replies

L
Sidekick (Customer)
LauraBSidekick (Customer)
asked in Finance (Financials)

Kofax Integration with IFS Cloud?

We have implemented Kofax AP with IFS Cloud and have been live with it since 21R2 (currently 23R1). What information are you looking for? 

1
A
Do Gooder (Customer)
12 days ago
C
Sidekick (Customer)
CRUNDELLSidekick (Customer)
asked in IFS Cloud - New Customers

Aurena Agent best practices for installation

Hi Chris,Essentially we have 4 scripts:Install Script Runs the MSI installer with arguments for each environment (runs the MSI 3 times just to auto-populate the allowed_hosts.txt) Modifies some registry keys to ensure it is detected (old problem that stopped the agent being detected by IFS, might no longer be relevant) Uninstall Script Uninstalls the software Detection Script Reads the allowed_hosts.txt text and checks is the Hash value is old. If it is flags for remediation Remediation Script If above is true replaces the old Hash with new hash in text file Essentially every year we find get new cert hash and update our remediation / detection scripts to update all computers. We use the install and uninstall for new deployments / automating software updates.At the same time we then update our IFS Print Agents as they also fall over with cert changes. All scripts are powershell.

4
C
Sidekick (Customer)
13 days ago
B
Do Gooder (Customer)
BradGDo Gooder (Customer)
asked in IFS Cloud - New Customers

SOX Controls, Users who have not accessed the application within a 90 day period are locked to restrict access to the application.

I think looking at the above suggetion seems to be a good approach if looking for an IFS native solution.If your using Entra ID as your IDP for IFS you could also manage this through Azure’s Log Analytics Workspace. The benefit here is you can use the same design for all SSO apps managed by that IDP if they fall under the same compliance scope.Hope that provides some ideas.

3
B
Do Gooder (Customer)
1 month ago
J
Do Gooder (Customer)
jnagatiDo Gooder (Customer)
asked in IFS Cloud - New Customers

Oops, something went wrong

Hi jnagati,From my experience this is one of two things:Directory ID is incorrect UPN / Directory ID don’t matchOn the second one this is more if something has changed on the Azure side. Please note I am not 100% on this so take this with a pinch of salt.As far as I could tell the first time a user connects via SSO the GUID of the user is mapped to their UPN and stored in IFS. For future SSO IFS uses sees that it has this matched email for this Azure GUID and matches the cached email value to match with the directory ID.Therefore if a UPN has changed after the first login it can cause a mismatch. We got around this by using the email attribute mapping instead but I believe you can now clear this cached value in IFS somewhere (not sure as never had to do it).Hopefully this is of some help!

2
A
Do Gooder (Customer)
4 months ago
J
Do Gooder (Customer)
jnagatiDo Gooder (Customer)
asked in IFS Cloud - New Customers

Cybersecurity test prior to the go live

Hi Jnagati,There is no easy response to this question as there are too many variables. This advice should be coming from your internal IT Security Ops team and consider the following areasHow accessible is the environment (frontend / backend)? What security standards are you trying to meet? How are you managing access to the environment? Administrator Access vs Standard Users From your message I get the impression that your looking for a vulnerability checking tool. You can use products like Tenable, Rapid7 or Qualys for this type of check (separate product).However a this will only check for vulnerabilities in the platform and your security strategy should more broad than this. For example:User Account Protection Are users protected by just a username and password. If the environment is publicly accessible you should consider having 2 factor authentication. Users vs Admins Admins shouldn't be using the generic system accounts for daily use even in testing environments (IFSAPP etc).

1
A
Do Gooder (Customer)
7 months ago
J
Do Gooder (Customer)
jnagatiDo Gooder (Customer)
asked in IFS Cloud - New Customers

Security configuration

Hi Jnagati,For the native IAM in IFS Cloud this can be done via this screen: “Solution Manager\Users and Permissions\Identity and Access Manager\Password Policies”However if your IFS Cloud is publicly available I would recommend using an external identity provider that can provide MFA (Such as Azure AD). 

2
C
Sidekick (Customer)
8 months ago
C
Sidekick (Customer)
CRUNDELLSidekick (Customer)
asked in IFS Cloud - New Customers

Aurena Agent best practices for installation

We let the users decide if they want it or not but as many users need to use local printers they install it for this. We decided to automate it completely. Things to note:Software should always be installed under the “user context”. I.e. install it using the username for each user who wants to use the program. It doesn't require Admin to install. The HTTPS Certs will rotate (usually yearly). This will be hashed and stored in %LOCALAPPDATA%\IFS\IFSAurenaAgent\allowed_hosts.txt with the connection infoWe use “Intune” to manage our devices. We have created a install/uninstall script that does the install for all our environments on any given device. The user can request the software via our company app store “Company Portal”We have then put in a check that will automatically update the values in allowed_hosts.txt when the certificates rotate (we have a detection and remediation script).Message me if you need more info.

4
C
Sidekick (Customer)
13 days ago
A
Do Gooder (Employee)
Arifmd1705Do Gooder (Employee)
asked in IFS Cloud - New Customers

Data from IFSINFO to Power BI

This question is a bit open-ended. You can request/setup read-access to the back-end database and this could be used to pull data through. Alternatively you could pull the data via APIs.There are pro’s and con’s to each approach to consider (performance & security mainly). Personally I would use the REST APIs as a best practice.

5
Michael Kaiser
Sidekick (Customer)
11 months ago
J
Do Gooder (Customer)
jloubserDo Gooder (Customer)
asked in IFS Cloud - New Customers

IFS Time Clock

Hi,Can’t speak to the specifics. It should be permanent until the cache is cleared for that website’s browser. However we have experienced machines getting kicked out periodically on our site at random (usually after a browser update).

1
A
Do Gooder (Customer)
1 year ago
G
Do Gooder (Customer)
GaryPDo Gooder (Customer)
posted in IFS Cloud - New Customers

IFS Cloud Release 22.2 - Release notes

MASTER ARTICLE What is The Update Release Schedule and Release Details? | IFS Community

4
G
Do Gooder (Customer)
1 year ago
N
Sidekick (Customer)
Neil GuildSidekick (Customer)
asked in Upgrades & Updates

Updating user profiles after migrating from APPS8 to IFS Cloud

Hi Neil,This might not be your issue. But maybe it helps.If your using SAML authentication. This can happen if the correct SAML login was used however IFS was unable to match it to an IFS User.This results in an authenticated user with no permissions. If using SAML try enabling the default IDP for this user and testing that way. If it then works the problem is not permissions but linking the IFS user and SAML user.

8
G
Sidekick (Customer)
1 year ago
ADMCUK
Hero (Employee)
ADMCUKHero (Employee)
asked in IFS Cloud - New Customers

Is it possible to assign multiple roles in the IFS Cloud Build Place to the same user

Just a additional note. We did experience issues when a “support.ifs.com” email was assigned assigned IFS Cloud Build Place roles. We used different emails for Build Place and the portal as a workaround.

2
A
Do Gooder (Customer)
1 year ago

Badges

Show all badges
Terms & ConditionsCookie settings