Unit4 Identity Services setup on Unit4 ERP to use Wanda
About this topic
This topic provides a summary of the required setup of Unit4 Identity Services (U4IDS) on Unit4 ERP using Unit4 ERP management Console and is aimed at:
- Consultants and customer system admin level staff tasked with configuring Unit4 ERP to work with U4IDS where Unit4 ERP is being run on-premise
- Unit4 cloud ops staff tasked with configuring Unit4 ERP to work with U4IDS where Unit4 ERP is being run in the Unit4 cloud environment
This topic does not describe U4IDS or Unit4 ERP authentication. For more details on these, refer to the U4IDS general documentation and the Authenticator setup reference manual (access to Unit4 ERP Product Documentation required).
Registration with Unit4 Identity Services and Discovery Service
The Unit4 Identity Services (U4IDS) is an external cloud service used to provide authentication for the Wanda ecosystem. Configuring Unit4 ERP to use U4IDS authentication involves registration of the Unit4 ERP application with U4IDS and configuration of Unit4 ERP authentication.
To use Wanda the customer Unit4 ERP installation must be assigned an IDS authority an IDS tenant ID and an IDS Scope, and registered with the Unit4 Identity Services and Unit4 Discovery Service. This is done by Unit cloud ops.
Once the Unit4 ERP installation is registered to use U4IDS, the following U4IDS configuration is required for Wanda to use the relevant Unit4 ERP functionality:
- Setting U4IDS authentication as the accepted authenticator in the Authentication setup node (or the TAG106 Authenticator setup window on the Unit4 ERP Desktop client), and mapping users to Unit4 IDs in the User Master File node (or the TAG064 User master file window on the Unit4 ERP web client) — this is configured by the customer
- Configuring Unit4 ERP web services (SOAP services) and Unit4 ERP web API to use IDS — this is configured by Cloud ops in a Unit4 ERP cloud installation, or the customer in a Unit4 ERP on-premise installation
Setting IDS authentication as the accepted authenticator
IDS authentication must be set up as the accepted authenticator for each platform used by Wanda (in this case Web services) in the Authentication Setup node as shown below.
If required, this can also be configured in the (TAG106) Authenticator setup window on the Unit4 ERP Desktop client.
Mapping Unit4 ERP users to Unit4 IDs
Each user who will use Wanda must have his or her Unit4 ERP user mapped to a Unit4 ID, as the Unit4 ID is used by U4IDS to provide authentication for Wanda. This is done in the User Master File node on the Security tab, by defining the Unit4 ID and the Logon company.
This then allows the user's organization account to communicate via Wanda with the defined default sign on company as the selected Unit4 ERP user.
Configuring IDS for web applications
IDS must be configured for each web application (in this case Unit4 ERP web services (SOAP services) and Unit4 ERP web API). This is done in the Authentication node for each web application.
In each case the Base URL is the IDS authority and the Tenant Id is the IDS tenant ID. These, along with the Scope Name (normally u4bw) and the Scope Secret are provided when the Unit4 ERP application is registered with U4IDS.
Unit4 ERP web services (SOAP services)
Due to a bug in Unit4 ERP, currently the scope secret and the set of IDS configuration for the SOAP Web Services needs to be exchanged between the Unit4 Cloud organization and the administrator of Unit4 ERP. This bug will be addressed in a future Unit4 ERP release and this step will not be required in future.
Note that Scope secret is only required in the SOAP authentication setup. This is due to an error in the IDS authentication middleware in Unit4 ERP.
Unit4 ERP web API
In the example below, the authentication type is set to Identity Services Authentication. However, this can be set to All Authentications if basic authentication is also needed.
Note that this is a setting stored in the global web.config so it will apply to all web apps/tenants running on the server and will force a restart of any running web API apps. Therefore, this can be disabled in the global web.config if U4IDS isn't required globally.