LDAP vs ADFS for user authentication in lease management: real-world experiences

Our organization is evaluating authentication strategies for JD Edwards 9.2.0 with a focus on lease management module access. We’re currently using basic LDAP integration but are considering moving to ADFS for SSO capabilities.

The lease management team has about 150 users across multiple departments who need seamless access to lease applications, contract workflows, and reporting tools. We’re particularly interested in understanding the trade-offs between LDAP and ADFS in terms of SSO federation, security compliance (we’re subject to SOX and GDPR), and ongoing maintenance overhead.

I’d love to hear from anyone who has implemented either approach or migrated from LDAP to ADFS. What were the key considerations that drove your decision? How did federation capabilities impact your user onboarding process?

On the security compliance front, ADFS has clear advantages for SOX and GDPR requirements. The claims-based authentication provides granular audit logging - you can track not just who accessed lease data but also which federated identity provider authenticated them and what claims were asserted. For GDPR, the centralized identity management means when users exercise their right to be forgotten, you have a single point to revoke access across all federated applications including JDE. With LDAP, you’re managing JDE authentication separately from your broader identity governance framework.

We made the LDAP to ADFS transition last year for our entire JDE environment including lease management. The primary driver was SSO - our users were tired of maintaining separate credentials for JDE versus other enterprise applications. ADFS gave us true single sign-on with federation to Office 365, Salesforce, and other cloud apps. The security compliance aspect was also significant since ADFS provides better audit trails and supports MFA natively.

From a lease management perspective, I can share that ADFS has streamlined our user provisioning significantly. When we used LDAP, onboarding a new lease analyst meant coordinating between IT for directory access and then separately configuring JDE roles. With ADFS and group-based claims, we map AD security groups directly to JDE roles. New hires get lease management access automatically based on their department assignment in AD. The federation aspect also helps with our external auditors who need temporary access - we can grant them federated access without creating JDE-specific accounts.
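The group-claim-to-role mapping and the claims audit trail described in the replies above, sketched as an added example that is not part of any post in this thread and is not JD Edwards or ADFS code. The group names, role names, issuer URL and sample assertion are constructed assumptions, and the assertion is assumed to have already passed signature and validity checks in a SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"  # ADFS group claim type

# Hypothetical AD security groups and application roles (assumptions).
GROUP_TO_ROLE = {
    "LeaseMgmt-Analysts": "LEASE_ANALYST",
    "LeaseMgmt-External-Auditors": "LEASE_AUDIT_READONLY",
}
TRUSTED_ISSUERS = {"http://adfs.example.test/adfs/services/trust"}

# Constructed sample assertion; signature elements are omitted on purpose.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>analyst1@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>LeaseMgmt-Analysts</saml:AttributeValue>
      <saml:AttributeValue>Domain Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def roles_from_assertion(xml_text, trusted_issuers):
    """Map group claims to roles (deny by default) and build an audit record."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise PermissionError(f"untrusted issuer: {issuer!r}")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    groups = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:Attribute", NS)
        if attr.get("Name") == GROUP_CLAIM
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    # Only explicitly mapped groups grant a role; everything else is ignored.
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    audit = {
        "subject": subject,
        "issuer": issuer,  # which identity provider authenticated the user
        "groups_asserted": groups,  # which claims were asserted
        "roles_granted": roles,
        "unmapped_groups": [g for g in groups if g not in GROUP_TO_ROLE],
    }
    return roles, audit


if __name__ == "__main__":
    print(roles_from_assertion(SAMPLE_ASSERTION, TRUSTED_ISSUERS))
```

Because access follows group membership, removing a user from the AD group removes the role at the next sign-in, and the audit record keeps the issuer and asserted claims for each decision.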