Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.

(1)

Two Factor Authentication

For example, one method currently utilized within Infor is your network username and

password. By introducing another method of authentication, such as a PIN code created within an app on your mobile phone, both your network password and the PIN would be used together to authenticate you. In short, two-factor authentication keeps logins secure by preventing access to Infor through password guessing or brute force dictionary attacks. The TFA vendor chosen by Infor is Duo Security.

Duo Security Overview

Most two factor solutions implement secondary authentication by a single method, providing a unique code (either via a soft or hard token). The employee is required to enter this code each time at logon. To make this process easier, Duo Security utilizes “Duo Push”.

Authenticating with Duo Push is as easy as tapping a button on your phone. No phone calls to wait for or passcodes to type in.

(2)

TFA Device Options

A TFA device is “something you have”, such as your smartphone, and provides the key (second factor) method beyond your Infor account and password. The device is uniquely

registered/associated to your Infor account. Duo TFA works in conjunction with a number of different methods. The following is a list of those methods in their order of preference.

Method Description

Duo Push

(Preferred Method)

An application, Duo Mobile, is installed on your smartphone or tablet. An authorization request is made from Infor’s VPN and the request for approval is then sent to your smartphone or tablet. If connected to Wi-Fi, no cellular data plan is needed/used; otherwise, cellular data will be used. Depending on your mobile data plan, additional charges may occur if you elect to use this method on a personal cell phone.

Duo Mobile Same application as above. When launching the application, you manually request a code. No connectivity (mobile or Wi-Fi) is needed for this method. SMS Code Authorization request is made from Infor’s VPN and a text message is sent

from Duo to your smartphone or tablet. Depending on your SMS plan, additional charges may occur. A text message is not needed on each authentication as codes are sent in batches of 10. Please note that Infor will also incur charges if this method is used so we ask that you avoid using this option frequently if possible.

Voice Phone Authorization request is made from Infor’s VPN and a phone call is made to your smartphone or landline. Depending on your mobile voice plan,

additional charges may occur. Please note that Infor will also incur charges if this method is used so we ask that you avoid using this option frequently if possible.

Hardware Token A physical device that generates passcodes. Device purchase is required. Limited availability. TFA tokens will be supplied at the discretion of Infor’s IT Department and will only be supplied if Duo Mobile, Push, SMS or Voice Phone are not feasible options or if they become too expensive due to the usage frequency.

Registering/Adding/Enrolling a TFA Device

Duo's self-enrollment process makes it easy to register and add devices for use with TFA. If you have a ‘smart’ device, you can also install and activate the Duo Mobile application on your smartphone or tablet via this same process. Registering is as easy as logging into VPN via the links provided below. When you login you will be prompted to enroll in Duo TFA.

Step: 1 Open a browser and navigate to the appropriate link below for your region. Note that this should be done from a computer and not the device (smartphone or tablet) that you are enrolling.

Americas: https://vpn-am.infor.com

EMEA: https://vpn-emea.infor.com

APAC: https://vpn-ap.infor.com

China: https://vpn-cn.infor.com

(3)

Step: 3 The Duo Welcome Screen will appear. Click Start Setup.

Step: 4 Choose your primary (default) authenticator/device method for TFA (we recommend using a smartphone if you have one), then click Continue.

Step: 5 Select your country and enter your phone number. Use the number of your smartphone, landline, or cell phone that you'll have with you when you're typically logging into the Infor network. You can enter an extension if you chose "Landline" in the previous step.

Step: 6 Verify that you have entered the number correctly, check the box, and click Continue.

(4)

(5)

iPhone Setup Instructions

Step: 1 On the What operating system does this device run screen select the iPhone option and click Continue.

Step: 2 On your device, access the Apple Application Store and search for and install Duo Mobile.

Step: 3 Once installed, check the “I have Duo Mobile installed” box and click Continue.

Step: 4 Launch Duo Mobile on your device and tap Add Account. If prompted to allow Duo Mobile to send you notifications, click OK.

Step: 5 Accept the License Agreement by tapping Accept.

Step: 6 Tap Add Account on your mobile device. If prompted to allow Duo Mobile to access your camera, tap OK.

Step: 7 Tap Scan Barcode on your device.

Step: 8 Scan the barcode displayed on the Infor SSL VPN Service webpage. See example below:

(6)

If you can’t scan the barcode, click the “click here” link on the web page. You’ll have the option to provide an email address to activate your device. You will need to open the email on the device you are adding.

Step: 9 Once scanned, you’ll receive a notification that the account was added successfully.

Step: 10 Click Continue. You will see your added device. Note that the first device you add will be set as your default authentication device.

Step: 11 If you need to enroll another device, click Enroll another device, otherwise click Done. The process of enrolling another device is similar to when you added your first device:

1) Click Enroll another device.

2) Select the type of device you wish to enroll.

3) Follow the prompts to complete the process of adding another device. Important: Infor requires that you enroll a secondary device to cover cases where your cell phone is unavailable, battery dies, etc. For instance, you can enroll your business direct dial or home phone number to ensure you have a backup method of access. You will need to utilize the second (backup) method in Duo for VPN access should there be an issue with or if you should lose your primary device. You can think of your secondary device as being similar to an extra set of keys you would have for your car. If you lose the primary keys, you have a backup. On the secondary method, make sure it is a completely different physical device since a

(7)

If you need to make changes to an existing device or you wish to add another device, please see the Managing your Devices & TFA Account section of this document.

NOTE: For IOS devices (iPhone, iPad), you may want to change the notification style used by the Duo Mobile application so that the notifications appear more clearly on your device. To do so, follow the steps below.

1. Tap Settings. 2. Tap Notifications.

3. Scroll down and tap Duo Mobile.

(8)

Android Setup Instructions

NOTE: If you are located in China, please follow the steps located here: Android Duo Setup - China

Step: 1 On the What operating system does this device run screen select the Android option and click Continue.

Step: 2 On your device, access the Google Play Store and search for and install Duo Mobile. Step: 3 Once installed, check the “I have Duo Mobile installed” box and click Continue.

Step: 4 Launch Duo Mobile on your device and tap Add Account.

NOTE: Do not scan the bar code in this document.

(9)

3) Follow the prompts to complete the process of adding another device. Important: Infor requires that you enroll a secondary device to cover cases where your cell phone is unavailable, battery dies, etc. For instance, you can enroll your business direct dial or home phone number to ensure you have a backup method of access. You will need to utilize the second (backup) method in Duo for VPN access should there be an issue with or if you should lose your primary device. You can think of your secondary device as being similar to an extra set of keys you would have for your car. If you lose the primary keys, you have a backup. On the secondary method, make sure it is a completely different physical device since a Smartphone can have 4 methods (push, manual code, sms & phone call) of authentication. If you lose the smartphone, you need an alternative device such as a tablet or your desk phone. If you need to make changes to and existing device or you wish to add another device, please see the Managing your Devices & TFA Account section of this document.

Android Note: Some Android tablets run highly customized versions of the Android OS. If there is no automatic notification pop-up, you need to manually launch the App and tap the

(10)

Android Setup Instructions – China

Step: 1 As Google Play is not available for China Android users, please download & install Duo Mobile App using the following link from your mobile device.

https://dl.duosecurity.com/DuoMobile.apk

You can also install Duo Mobile by scanning the following QR code.

Step: 2 You should see the following popup window on your mobile device. Click access to continue.

(11)

Step: 4 When the installation is complete, click open to run Duo Mobile. You can also find the following Duo Mobile Icon in applications list.

Step: 5 Start with Step 3 from the link below to complete the setup process.

(12)

BlackBerry Setup Instructions

You will be required to use a BlackBerry World login to download and install the Duo Security app from BlackBerry World.

NOTE: If you are using a Blackberry device with OS version 7.1 or earlier, you will automatically receive the Duo application from the Infor Blackberry Enterprise Server (BES). To check the OS version on your Blackberry, compose a new email message, enter “myver” (minus the quotes) in the message field and press return. For example: 9800/6.0.0.135 (the last set of numbers is your OS version).

If you already have the Duo application installed, please skip to page 14 of this guide. If you don’t have the Duo application installed, please follow the steps below.

Step: 1 If you do not have a BlackBerry World login, follow the information below to obtain one. 1. Open a browser on your device and navigate to the following link and fill out the

form appropriately.

https://blackberryid.blackberry.com/bbid/registration/registration_eula.seam

You will receive an email from [email protected]. You must click the link to confirm your email address within 72 hours of receiving the email. If you do not confirm your account, you will not be able to use BlackBerry World.

Step: 2 Ensure you have the latest version of BlackBerry World installed on your device. To do so, follow the steps below:

1. Open a browser on your BlackBerry and navigate to the following site: http://appworld.blackberry.com

2. Select the Upgrade Today button.

3. Click Download, select your language and click Next.

4. Click Download and then Replace. You will need to reboot/restart your device. Step: 3 Start the Blackberry World application and search for Duo Mobile.

Step: 4 Select Apps then select Duo Mobile.

Step: 5 Select Download and agree to the License Agreement by clicking I Agree. Step: 6 Click Yes on the Application Permission screen.

Step: 7 Click Open once the installation is complete.

(13)

and click Continue.

Step: 9 Select the BlackBerry OS version your device is running then click Continue.

The setup instructions will be different depending on the BlackBerry OS version you are running. Please select the appropriate BlackBerry version for your phone from the choices below for the correct setup instructions.

BlackBerry 7.1 or earlier

(14)

BlackBerry OS version 7.1 or older setup instructions

Step: 1 Check the “I have Duo Mobile installed” box and click Continue.

Step: 2 Enter your Infor email address and click Send Email.

Step: 3 On your Blackberry device, check your email for a message from Duo Security. Follow the link provided within the email.

(15)

(16)

BlackBerry OS version 10 setup instructions

If you can’t scan the barcode, click the “click here” link on the web page. You’ll have the option to provide an email address to activate your device. You will need to open the email on the device you are adding

(17)

(18)

Windows Phone Setup Instructions

Step: 1 On the What operating system does this device run screen select the Windows Phone option and click Continue.

Step: 2 On your device, access the Windows Application Store and search for and install Duo Mobile.

Step: 3 Once installed, check the “I have Duo Mobile installed” box and click Continue.

Step: 4 Launch Duo Mobile on your device and tap Add Account.

(19)

(20)

Other Mobile Device Setup Instructions

Select the appropriate link for the device you have.

Windows Mobile (previous Version) J2ME/Symbian

Palm

For other cell phones (non-smart phones), continue with these steps below to receive SMS passcodes. Step: 1 On the What operating system does this device run screen select the Other option and

click Continue. The device will be added.

(21)

Managing your Devices & TFA Account

Device management allows you to easily edit and add new devices. To manage your devices, log onto one of the Infor VPN URL’s listed below:

Americas: https://vpn-am.infor.com

EMEA: https://vpn-emea.infor.com

APAC: https://vpn-ap.infor.com

China: https://vpn-cn.infor.com

Once connected, follow the instructions below.

Step: 1 Select the device you want to use to authenticate you. Be sure to have the device with you. Duo Push is the recommended and default method.

Step: 2 Click Manage devices. Check your device for the login request approval. See example below:

Step: 3 Tap Approve and then Confirm.

Step: 4 You can choose to enroll another device or click the Actions dropdown to select the appropriate action. For example, you can change/set your default device from the Action dropdown menu.

If you choose to add a new device, the process will be similar to when you added your first device.

(22)

Using Duo 2FA

Once you’ve completed the initial enrollment and successfully logged in via the VPN URL, all future VPN connections can be done by launching the Cisco AnyConnect client already installed on your computer.

Step: 1 Launch AnyConnect as you normally would and select the appropriate region for your location, such as Americas.

Step: 2 Click the Connect button. You will see an additional (Second) password field.

Step: 3 Enter your Infor network password in the first password field.

Step: 4 In the Second Password field, you have the following methods to authenticate with Duo: Method One (Preferred): To receive a Push notification on your default Duo device, enter “push” (without the quotes) in the Second Password field and click OK. Check your device for a Duo notification and tap Approve then Confirm to connect to VPN. Method Two: Using your default Duo device, open the Duo Mobile app and tap the key icon (see below) to generate a pass code. Enter this code in the Second Password field and click OK.

(23)

Note that these passcodes do not expire but each can only be used once. Once you have used all 10 codes, you would need make another SMS request for additional codes.

(24)

Issues/Troubleshooting

Q. I made a mistake or missed the mobile application setup process and need to make an adjustment A. You can manage your account yourself. Just go to the provided VPN web URL. Choose phone as the authentication option, Duo will call you to complete TFA on the number you provided and then you can add other methods or change it.

After you login via the VPN URL, pick Manage Devices. Your device(s) will be listed. To Activate Duo Mobile, under actions to the right, click and then select Activate Duo Mobile. The GUI will walk you through the process.

Q. I am not receiving the phone call or SMS message on my device

A. Check for the correct number, outside of a typo, the likely cause is that the call or SMS is being blocked to your phone provider. We’ve seen this case in India via the DoNotCall List and we found that registering will block outside messages (via http://ndnc.in)

Q. I didn’t receive a push notification on Duo Mobile?

A. You may need to refresh Duo to check for the notification. Here’s how: 1. Open Duo Mobile on our smartphone.

2. Once opened, swipe down to refresh the screen. Click on the link below to see an example. Screen Refresh

Q. Does it cost me anything to use the service via my personal mobile phone? If so, will I be reimbursed by Infor?

There is no cost for the Duo Mobile smartphone app. If you are not using the Smartphone App, text messages and voice calls are sent only when you request them, and they would be billed by your carrier in the same way that any other text message or call would.

A

ny expenses associated with Duo will be covered under Infor’s current expense rules.

Q: I'm often in a location where I have poor cell coverage; how can I use the service?

A: In cases where cell coverage is not available, use the Duo Mobile App to generate a passcode by selecting the key icon next to “Infor" service in the list. Use the passcode as your second factor. If you're not using a smartphone (and therefore do not have access to the app), generate passcodes in advance via SMS.

Q: I have Duo Mobile installed on my iPhone, but I can’t scan the barcode (the scan window is black) A: It’s possible that when you initially installed Duo Mobile that you didn’t allow Duo to access your camera. To resolve this, on your iPhone, go to Settings and scroll to the bottom of the list and find Duo Mobile. Tap Duo Mobile, Privacy, and then slide the dial to the left (so that it shows green) to allow Duo to access your camera. Try scanning the barcode again.

(25)

A: It’s possible that when you initially installed Duo Mobile that you didn’t allow Duo permissions to send you notifications. To resolve this, on your iPhone, go to Settings and scroll to the bottom of the list and find Duo Mobile. Tap Duo Mobile, Notifications, and then slide the dial to the left (so that it shows green) to allow Duo to send you notifications. You will need to restart your phone to start receiving Duo notifications.

Q: I had to re-register my smartphone within the Duo Mobile application. Now I see Infor listed twice. How do I remove the old entry?