August 14th, 2023
By Frank Jordan
Are you struggling with selecting the most secure single sign-on method for JD Edwards? Single sign-on options offer time-saving efficiency for the busy user – when you just need to sign on once, you’d be surprised how much time is freed up for countless other tasks. But security remains a concern, no matter how simple a process may be.
With that in mind, you probably want a more secure and efficient login process. And while there are several different methods of SSO in use today to access JD Edwards and other ERPs, the most secure option in the game – and what is increasingly in your company’s best interest to use – is the JSON Web Token Single Sign-On (JWT SSO).
This article explains why JWT is the best option for enhanced security and ease of use, comparing it to the three most common sign-on processes available for JD Edwards login: EnterpriseOne Default Login (E1 Default), Lightweight Directory Access Protocol (LDAP), and traditional Single Sign-On (SSO).
We’ll highlight the benefits of JWT for JD Edwards login, and you’ll come away with a better understanding of each SSO option.
Traditionally, using EnterpriseOne involves a standard authentication process with a 10-character user ID and password, known as the E1 Default Login. While this method provides a basic level of security, it lacks the advanced features required for enhanced protection in today's digital landscape. In JD Edwards 9.2, the option to implement long, case-sensitive passwords was introduced, offering some improvement. However, it remains the least secure option compared to modern alternatives like LDAP and JWT SSO.
Roughly 50-75% of JD Edwards customers use the standard E1 Default. More and more are switching to using LDAP or SSO. Still, E1 Default can be an effective security framework in many customer situations. This security feature is the tried-and-true option for most customers to begin with, and it is foundational for the other login options.
LDAP has been available for many years. If you sign into Microsoft Windows, you’re using LDAP. It contains your login and user metadata, and any groups you belong to or roles you may have. LDAP is enabled at the Enterprise server level, utilizing a directory structure to store and manage user information. All users must be defined within LDAP – that includes E1 service accounts.
LDAP and E1 work together, but there are still some hindrances. For one, E1 doesn’t have any automatic replication capabilities. So, if a user is deleted in LDAP, they will become orphaned in E1. (Oracle generally recommends disabling users instead of deleting them.) LDAP generally enables more control over user access permissions.
Traditional single sign-on enables users to use a single set of credentials to access various applications and systems. Traditional SSO has been available through Oracle for several years now, certified with both Oracle Access Manager (OAM) and Oracle Identity Cloud Service (OICS). Several third-party solutions are also available, including OKTA/Auth0, Everest International (JDESSO), SSOGEN, OneLogin, Steltix Transparent Logon X10, and more.
Most of these solutions have some type of gateway or proxy server to work with the identity provider – at a cost. The use of single sign-on provides a more centralized repository for credentials and ease of authentication for users across multiple applications. Depending on the identity provider software in use, implementing these solutions may require additional expertise and time, which increases the complexity and effort of an SSO rollout.
JSON Web Token Single Sign-On involves using digitally signed tokens to facilitate secure access to the JD Edwards system. When a user logs in, one of these tokens (a JWT) is generated and digitally signed, and then sent between the user’s browser and the JD Edwards server. This step creates a two-for-one value for customers by making access both secure and simplified.
Application Interface Services (AIS), which is used for Orchestrations, has included the JWT option since E1 Tools 9.2.0.5, and JWT support in JD Edwards has been enhanced several times along the way. Java Application Server (JAS/HTML) has had the JWT option since Tools 9.2.5.4. This is a key enhancement that allows various identity providers (IdPs) such as Microsoft Azure AD (or possibly ADFS), Okta/Auth0, and others to provide authentication services to E1.
By leveraging JWT SSO for your JD Edwards system, you ensure a secure and streamlined login process, with a tamper-proof transmission of authorization information between systems, helping to reduce the risk of data breaches and unauthorized access. To dive deeper into the various authentication options, watch our on-demand webinar by Frank Jordan.
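The signing and verification described above can be made concrete with a short added example; it is not Oracle's or ERP Suites' code and does not reflect how JD Edwards implements JWT internally. It uses HS256 with a shared key so it runs on the Python standard library alone (identity providers commonly sign with asymmetric keys such as RS256 instead), and KEY, ISS and AUD are constructed values.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
ISS, AUD = "https://idp.example", "jde-html"  # hypothetical issuer and audience

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_jwt(claims: dict, key: bytes = KEY) -> str:
    """Issuer side: header.payload plus an HMAC-SHA256 signature over both."""
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_jwt(token, key=KEY, issuer=ISS, audience=AUD, now=None) -> dict:
    """Relying-party side: return the claims, or raise ValueError."""
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        sig = b64url_decode(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token must never choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))  # parsed only after the signature check
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    return claims

def check(token: str, now: float) -> str:
    """Return "ok" or the reason the token was rejected."""
    try:
        verify_jwt(token, now=now)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

A token whose payload is edited after signing fails with "bad signature", which is the tamper detection the signature provides; the issuer, audience and expiry checks are what stop a validly signed token from being accepted in the wrong place or after its lifetime.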
Why You Should Use JSON Web Token
For personalized advice on implementing JWT SSO in your company, contact our advisory team today.
Frank Jordan is a CNC technology consultant with over 300 customer engagements. Read Frank Jordan's blog on JD Edwards and ERP technology. His work with JD Edwards Orchestrator Studio earned ERP Suites three Distinguished Partner Awards for digital innovation at Oracle Partner Summit. Frank is the co-author of Advanced Tuning for JD Edwards EnterpriseOne Implementations and a frequent conference presenter.