Seeking a Secure, Efficient Single-Sign On Solution

Taubman

Industry

Real Estate

Challenge

Taubman sought a secure, efficient single sign-on solution to coincide with their next JD Edwards upgrade, but ERP Suites advised against implementing LDAP due to its user provisioning limitations and incompatibility with Taubman’s multi-domain global setup.

Results

ERP Suites recommended implementing JSON Web Token (JWT) Single Sign-On, integrated with Microsoft Azure AD (now Entra ID), to provide seamless, secure access and flexible adoption without disrupting existing logins. To address Azure’s rolling key changes, ERP Suites developed a custom signed key solution, resulting in enhanced security, ease of use, and positive long-term user feedback.

Services

Security, JWT SSO

“The ability to have JDE SSO with Azure allowed us to adhere to our standard authentication policy, increasing security and lowering maintenance.”

Lon McFarland

Senior Manager Enterprise Applications | Taubman

Background

Taubman, a Michigan-based real estate development company, specializes in a varied portfolio of shopping malls, including regional, super-regional and outlet, found in major markets across the nation and in Asia. Taubman’s biggest retail tenants include Forever 21, The Gap, and Williams Sonoma, among others. ERP Suites has handled their technical managed services since 2013. 

Business Challenge

As part of our managed services protocol with Taubman, we have performed several tools release upgrades within JD Edwards. The conversation between client and account manager preceding upgrades entails understanding the client’s most up-to-date requirements, including secure sign-on options. Taubman wanted a secure, efficient single sign-on solution to streamline the process for their user community, preferably one that would coincide with their next upgrade.

Taubman considered implementing the EnterpriseOne Lightweight Directory Access Protocol (LDAP) sign-on method, but ERP Suites advised against this for several reasons: LDAP implementation required all users to be within that LDAP; the way Taubman provisioned users would have to be changed to use LDAP; and finally, it was not feasible in some parts of the company, due to multiple domain controllers and users in Asia.


The Solution

Our team instead recommended a new feature that would already be included in Taubman’s upgrade to Release 23, the JSON Web Token Single Sign-On (JWT SSO), for the following reasons:

  • The JWT SSO utilizes Microsoft’s Azure Active Directory, so a user only needs to sign in once.
  • The login is cached, so that the user is taken directly into any application under the umbrella of Azure AD (which is now known as Microsoft Entra ID).
  • The JWT SSO has a user-directed pace of adoption, which allows users to utilize it on their own desired timelines. It does not require a “big bang” approach of all users, and the traditional E1 login is still available for certain use cases such as system users, fat client development, etc. 

One consequence of using Azure AD/Entra ID is that Microsoft provides public rolling keys/certificates that can change. Microsoft expects the application to update automatically when the keys change, but E1 does not currently support rolling keys or automated keystore updates. Consequently, ERP Suites also developed a solution that leverages a custom signed key that only E1 web instances use.

This solution provides improved ease of use for the E1 web users along with leveraging security features and policies available in Microsoft Entra ID/Azure AD. Taubman has been using this solution for over a year with positive user feedback. 