Setting Up User Security

This chapter provides an overview of user security and discusses how to:

Create and revise user security.
Review security history.
Manage data sources for user security.
Enable and synchronize security settings.
Run a Security Analyzer report.
Manage unified logon.

Understanding User Security

Use the User Security application (P98OWSEC) to create, test, and change user security for JD Edwards EnterpriseOne and the logically attached database management systems. The security architecture prevents you from viewing the database or system password and from bypassing JD Edwards EnterpriseOne applications to view and change data. JD Edwards EnterpriseOne uses an encryption algorithm to ensure that applications other than JD Edwards EnterpriseOne security cannot access passwords transmitted across the network.

You can also set up a unified logon server for a JD Edwards EnterpriseOne server. The unified logon server enables JD Edwards EnterpriseOne to use the domain logon information to determine user security. In a JD Edwards EnterpriseOne unified logon scenario, a user needs to enter a user ID and a password only at network logon.

Creating and Revising User Security

This section provides an overview of user security, lists prerequisites, and discusses how to:

Create user security.
Copy user security.
Revise user and role security.
Revise all user security.
Change a sign-in password.
Require sign-in security.

Understanding How to Create and Revise User Security

A user profile must already exist for a user before you can create user security records for that user. You can create security records one at a time for each of the users, you can set security for a role, or you can set security for all users.

Typically, users within a specific role use similar security information. Oracle recommends that you create a model user with security information that you can copy to create security records for other users. The P98OWSEC application provides a copy function that simplifies the creation of security records.

Note. When you copy security records to a user, security records must not already exist for that user. If you try to copy user security to a user with existing user security records, you will receive an error message.

You should keep user security simple. Managing JD Edwards EnterpriseOne user IDs and system (database) user IDs can become complicated quickly. The simplest way to set up user security is to have all data sources share the same system user ID and password by leaving the data source field blank when you initially create user security records for users or roles on the Security Revisions form.

When you leave the data source field blank, the P98OWSEC application automatically enters DEFAULT in the field. The DEFAULT data source enables you to create one security record for all users. Each time a user accesses a table through a JD Edwards EnterpriseOne application, the software searches for a security record for that user and the specific data source where the table resides. If the software does not find a specific record, then it uses the default data source, which is the security record that you created with the DEFAULT data source field.

You use system user IDs to manage user access to databases. Although you should try to maintain as few system user IDs as you can, occasions arise that require you to set up database security in addition to the JD Edwards EnterpriseOne object and user security for specific users and specific tables. For example, you might need to create system users with additional authority to what the typical system user needs.

Prerequisites

Before you complete the tasks in this section:

Set up all user records in the Address Book application (P01012).
Create user profiles using the User Profile application (P0092).

See Working with User and Role Profiles.
Attach the proper Address Book record to the user or role profile.
Review and set the appropriate processing options before using the P98OWSEC application for the first time.

See Setting Processing Options for User Profile Revisions (P0092).

Forms Used to Create and Revise User Security

Form Name	FormID	Navigation	Usage
Work With User Security	W98OWSECE	Security Maintenance (GH9052), User Security (P98OWSEC)	Access forms to work with user security.
Security Revisions	W98OWSECB	On the Work With User Security form, click Add.	Create user security.
Copy User Records	W98OWSECN	On the Work With User Security form, select the user or role and click Copy to copy all security records. To copy a single user security record, select the security record from the detail area, and select Copy Record from the Row menu.	Copy user security.
Security Detail Revisions	W98OWSECI	On the Work With User Security form, select the appropriate record, and then select Revise Security from the Row menu.	Revise user and role security.
Administration Password Revisions	W98OWSECF	Security Maintenance menu (GH9052), Administrative Password Revisions (P98OWSEC)	Change a sign-in password.
Sign On Security - Required/Not Required	W98OWSECG	On the Work With User Security form, select Req / Not Req from the Form menu.	Require all machines to use JD Edwards EnterpriseOne sign-in security.

Creating User Security

Access the Work with User Security form.

Click Add.

Note. Do not use the GlobalPasswordPolic option in the Form menu. This form contains password settings that only apply to users who are using the User Profile Self-Service application (P0092SS).
On the Security Revisions form, complete one of these fields:
- User ID
  
  If you enter a user ID that already exists, you can modify data source information for the user. The system disables all other fields and options for the user ID.
- Role
  
  If you enter a role that already exists, you will overwrite the security record for role when you enter information on the form.
  
  Note. When you type information in one of these fields, the system disables the other field. For example, if you type ROLE1 in the User Class/Role field, the User ID field becomes unavailable for data entry.
Complete these fields:
- Data Source
  
  If you leave this field blank, you will set security for all data sources. DEFAULT appears in the Data Source field when you tab out of the field.
- System User
- Password
  
  We recommend you complete at least the System User field.
  
  If you create records by role or for all users at one time, the Password field is populated according to the processing option that you select.
In the User Status area, select one of these options:
- Enabled
  
  With User Status enabled, security allows the user to sign in. This option is the default setting when you create user security.
- Disabled
  
  With User Status disabled, security prohibits the user from signing in to the software.
  
  Note. If a user commits a security violation, such as exceeding the maximum number of allowed password attempts, the software automatically sets the value for User Status to Disabled. The system administrator must access the user security record for the user and set User Status to Enabled before the user can sign in. In addition, the system administrator can access Administrative Password Revisions to reset the password of the user, which also restores a user profile to the status of enabled.
If you want to set limits on the passwords for users, complete these fields:
- Allowed Password Attempts
  
  Enter the number of invalid password attempts allowed before the system disables access for the user.
- Password Change Frequency
  
  Enter the number of days until the system requires the user to change the password.
- Daily Password Change Limit
  
  Enter the allowed number of times a user can change a password in a day.
- Force Immediate Password Change
  
  Click this option to require the user to change the password on the next sign-in.
Click OK to save the current user security information.

Copying User Security

A user profile must already exist for a user before you can create user security records for that user. In addition, when you copy security records to a user, security records must not already exist for that user. If you try to copy user security to a user with existing user security records, you will receive an error message.

Note. You should create a model user with security information that you can copy to create other users. Typically, users within a specific role use similar security information.

Access the Work With User Security form.

To copy user security:

On the Work With User Security form, find the user, and then perform one of these actions:
- To copy all user security records for a user or role, select the user or role in the tree structure, and click Copy.
- To copy a single user security record for a user or role, select the security record row in the detail area, and select Copy Record from the Row menu.
On the Copy User Records form, enter a valid user ID in the To User / Role field and click OK.

Revising User and Role Security

Access the Work With User Security form.

On the Work With User Security form, complete the User ID / Role field.
Click Find.
Select the appropriate record in the tree structure, and then select Revise Security from the Row menu.
On the Security Detail Revisions form, complete these fields, as necessary:
- User Status
  
  Under User Status, you can enable or disable a user profile.
- Password Change Frequency
- Allowed Password Attempts
  
  Note. For a role, select the appropriate option from the Change box to enable each field.
Click OK.

Revising All User Security

Access the Work With User Security form.

From the Form menu, select Revise All.
On the Security Detail Revisions form, in the Change box, select any of these options to enable the related field:
- User Status
- Frequency
- Attempts
- Change Limit
Complete any of these fields, and then click OK:
- User Status
  
  This field enables you to enable or disable user profiles.
- Password Change Frequency
- Allowed Password Attempts
- Force Immediate Password Change
  
  This field requires the user to change the password on the next sign-in.

Changing a Sign-in Password

Access the Administration Password Revisions form.

Note. You can also access Administrative Password Revisions from the User Security application. On the Work with User Security form, find the user, select the user in the tree structure, and then select Password Revisions from the Row menu.

User ID	Enter the user ID that you want to force a password change during sign-in. The user ID is the default value in this field when the user record is highlighted and Password Revision is activated.
New Password	Enter a new password. On this form, the system does not restrict the password choices. Any password is valid.
New Password - Verify	Enter the password again to verify it.
Force Immediate Password Change	Select this option to force the user to change the password during the next sign-in.

Requiring Sign-in Security

Use this feature to require all machines to use JD Edwards EnterpriseOne sign-in security. This procedure enables mandatory security only for the environment that you are signed into when you make this change.

Access the Work With User Security form.

Select Req / Not Req from the Form menu.
On the Sign On Security - Required/Not Required form, click the lock icon to change the Security Server to Required or Not Required.

Note. If you set up the security as Not Required and have security turned on through the jde.ini file on the enterprise server, users that comment out signon security in their jde.ini files will still not be able to access any data sources without knowing the system user ID and password.

When attempting to access a table in a secured data source, users will receive a database password entry form. If system user IDs and passwords are confidential, no one will be able to access the secured tables.

Reviewing Security History

This section lists the prerequisite and the forms used to review security history.

If you know the specific user or role, you can review the user's or role's security history by using the JD Edwards EnterpriseOne Security application. You can also search for specific information for all users. For example, to see the users who were deleted on a given day, you can search on event type 06 (Delete User) and a specific event date.

Prerequisite

The [SECURITY] section in the server jde.ini must include the History=1 setting for the system to record security history.

Forms Used to Review Security History

Form Name	FormID	Navigation	Usage
Work With User Security	W98OWSECE	Security Maintenance (GH9052), User Security (P98OWSEC)	Access forms to review security history.
Work With Security History	W98OWSECC	On the Work With User Security form, from the Form menu, select Security History.	Click Find to review the security history records.

Managing Data Sources for User Security

This section provides an overview of data source management for user security and discusses how to:

Add a data source to a user, a role, or all users.
Revise a data source for a user, a role, or all users.
Remove a data source from a user, a role, or all users.
Change the system user password for multiple users.

Understanding Data Source Management for User Security

You add data sources to user and role records in user security to authorize users and roles to access JD Edwards EnterpriseOne databases. You can also revise the system user and password for existing data sources.

Forms Used to Manage Data Sources for User Security

Form Name	FormID	Navigation	Usage
Work With User Security	W98OWSECE	Security Maintenance (GH9052), User Security (P98OWSEC)	Access forms to set up user security.
Add Data Source	W98OWSECS	On the Work With User Security form, from the Form menu, select Add Data Source.	Add a data source to a user, role, or all users.
Data Source Revisions	W98OWSECH	On the Work With User Security form, select a data source, and then select Revise Data Source from the Row menu.	Change the system user for a data source.
Remove Data Source	W98OWSECK	On the Work With Security form, select the appropriate record in the tree structure, and then click Delete.	Remove a data source. If you chose a data source for a specific user or role, this form displays the user ID or the role name with the data source name. If you chose only the data source, this form displays only the data source name.
Work With System Users	W980001A	In Solution Explorer, enter P980001 in the Fast Path.	Locate a system user.
System User Revisions	W980001C	On the Work With System Users form, select a system user and then click the Select button.	Change the system user password.

Adding a Data Source to a User, a Role, or All Users

Access the Add Data Source form.

Complete one of these fields or options:
- User ID
  
  Complete this field to add a data source to a specific user.
- Role
  
  Complete this field to add a data source to a specific role.
- All Users
  
  Select this option to add a data source to all users.
Complete these additional fields and click OK:
- Data Source
  
  Leave this field blank to set the data source information for all data sources. When you leave this field blank, the system automatically enters DEFAULT in the field.
- System User

Revising a Data Source for a User, Role, or All Users

Access the Work With User Security form.

Complete the Data Source field, and then click Find.

Note. You can also enter both a data source and user ID/role. If you select just a data source, the change will affect all users.
Select the data source in the tree structure and then, from the Row menu, select Revise Data Source.

The Data Source Revisions form appears. If you chose a specific user or role, this form displays the user ID or the role name and the data source information. If you chose only the data source, this form automatically selects the All Users option with the data source information.
Complete the System User field and click OK.

This field is necessary to access databases within the software. Depending on what you selected from the tree on the Work With User Security form, this information will apply to a specific user, a specific role, or all users.

Removing a Data Source for a User, Role, or All Users

Access the Work With User Security form.

Complete the Data Source field, and then click Find.
Select the appropriate record in the tree structure, and then click Delete.

Note. For a user, you can also select a row in the detail area for the user, and then click Delete.

The Remove Data Source form appears. If you chose a data source for a specific user or role, this form displays the user ID or the role name with the data source name. If you chose only the data source, this form displays only the data source name.

Important! If you performed the search by data source without including a specific user or role, when you click OK on Remove Data Source, you remove the data source for all users.
Click OK to remove the data source.

Changing the System User Password

Access the Work With System User form.

Locate a system user and then click Select.
On the System Users Revision form, complete these fields and then click OK:
- Password
  
  Enter a new password for the system user/data source combination.
- Password Verify
  
  Enter the password again for verification purposes.

Enabling and Synchronizing Security Settings

This section provides an overview of enabling and synchronizing security settings and discusses how to:

Change the workstation jde.ini file for user security.
Set auxiliary security servers in the workstation jde.ini.
Change the timeout value due to security server communication error.
Change the enterprise server jde.ini file for security.
Set auxiliary security servers in the server jde.ini.
Verify security processes in the server jde.ini.

Understanding Security Setting Synchronization

You must modify the enterprise server and the workstation jde.ini files to enable and synchronize security settings between the enterprise server and the workstation.

Note. For the JD Edwards EnterpriseOne workstations, enable security by changing settings in the workstation jde.ini file. You should make these changes on the deployment server-resident jde.ini file that is delivered to the workstation through a package installation.

Changing the Workstation jde.ini File for User Security

Access the jde.ini file.

Locate the jde.ini file that will be sent to the workstation as part of a package installation.

This file is located on the deployment server in the release share path:
```
\\xxx\CLIENT\MISC\jde.ini
```
Where xxx is the installed release level of the software (for example, 810).

Using a text editor such as Notepad, view the jde.ini file to verify this setting:

[SECURITY]
SecurityServer=Enterprise Server 
NameDefaultEnvironment=Default Environment

This table explains the variable values:

Setting	Value
Security Server	The name of the enterprise server. For workstations to sign on and run batch reports on the enterprise server, this value must be the same for both the workstation and the enterprise server.
DefaultEnvironment	A name that identifies any valid environment. If no value is specified, security is not enabled for that workstation.

Setting Auxiliary Security Servers in the Workstation jde.ini

Within the [SECURITY] section of the workstation jde.ini file, you can set as many as 10 auxiliary security servers. This example shows how the jde.ini file might look:

[SECURITY]
NumServers=Numeric Value
SecurityServer=Enterprise Server Name (primary)
SecurityServer1=Enterprise Server Name (auxiliary)
SecurityServer2=Enterprise Server Name (auxiliary)

This table explains the variable values:

Setting	Value
NumServers	The total number of security servers (primary and auxiliary) that you set under the [SECURITY] section of the jde.ini file. For example, if you set one primary and four auxiliary servers, the NumServers value is 5. You can set NumServers to any value between 1 and 10. If you do not include the NumServers setting, the system assumes that you have only one server.
SecurityServern	The name of a JD Edwards EnterpriseOne enterprise server. The primary and auxiliary security server names must all correspond to valid enterprise servers. The values for both the workstation and the enterprise servers must be the same for workstations to sign on to and run batch reports from the enterprise server. The variable value n can be a number between 1 and 10. This number defines the auxiliary security server.

Setting

Value

NumServers

The total number of security servers (primary and auxiliary) that you set under the [SECURITY] section of the jde.ini file. For example, if you set one primary and four auxiliary servers, the NumServers value is 5. You can set NumServers to any value between 1 and 10. If you do not include the NumServers setting, the system assumes that you have only one server.

SecurityServern

The name of a JD Edwards EnterpriseOne enterprise server. The primary and auxiliary security server names must all correspond to valid enterprise servers. The values for both the workstation and the enterprise servers must be the same for workstations to sign on to and run batch reports from the enterprise server.

The variable value n can be a number between 1 and 10. This number defines the auxiliary security server.

Changing the Timeout Value Due to Security Server Communication Error

You might need to change a setting in the workstation jde.ini file if you receive an error such as:

Failure to Communicate with Security Server.

Change this section:

[JDENET]
connectTimeout=30

Changing the Enterprise Server jde.ini File for Security

To change the enterprise server jde.ini file for security, you should verify the server jde.ini file settings as shown in this task. Use these settings to specify the internal security parameters, valid users and passwords, environments, and data sources.

Locate the enterprise server's jde.ini file.

Using an ASCII editor, such as Notepad, view the jde.ini file to verify these settings:

[JDENET_KERNEL_DEF4]
dispatchDLLName=name of host dll
dispatchDLLFunction=JDEK_DispatchSecurity
maxNumberOfProcesses=1
beginningMsgTypeRange=551
endingMsgTypeRange=580
newProcessThresholdRequests=0
[SECURITY]
Security Server=Enterprise Server Name
User=user ID
Password=user password
ServerPswdFile=TRUE/FALSE
DefaultEnvironment=default environment

This table explains the variable values:

Setting	Value
dispatchDLLName	Values for enterprise server host platforms are: HP9000, libjdeknet.sl RS/6000, libjdekrnl.so Windows (Intel), jdekrnl.dll Windows (Compaq AlphaServer), jdekrnl.dll iSeries, JDEKRNL For UNIX platforms, values are case-sensitive.
SecurityServer	The name of the enterprise server. This value must be the same for both the workstation and the enterprise server for workstations to run batch reports on the enterprise server.
User	The ID of a user with access to the F98OWSEC. This is the ID used to connect to the DBMS; therefore, this value must match that of the target DBMS.
Password	The password for the user ID with access to theF98OWSEC. This is the password used to connect to the DBMS; therefore, this value must match that of the target DBMS.
ServerPswdFile	This parameter is valid for servers operating under UNIX operating systems. The setting of this parameter determines whether the system uses special password handling for batch reports running on the server: Set the value to TRUE to instruct the system to enable special handling of passwords. Set the value to FALSE to disable special handling. When the system runs a batch report on the server, it runs the report using a string of line commands and parameters that includes the user password. Under UNIX operating systems, it is possible to use the process status command (ps command) to query the status of a job and view the parameters that were used to start the process. As a security measure, you can enable special handling by the software. When enabled, the software does not include the user password in the parameter list for a batch process. Instead, it includes the name of a file that contains the user password. This file is deleted as soon as the batch report reads the password.
DefaultEnvironment	The name of a valid environment for accessing the security table (for example, PD810).

Setting Auxiliary Security Servers in the Server jde.ini

Within the [SECURITY] section of the server jde.ini file, you can set one to 10 auxiliary security servers. You set multiple auxiliary security servers to establish levels of default servers. For example, if a machine cannot access a given security server, the machine tries the next security server that is defined in the [SECURITY] section. The settings for the auxiliary security servers might look like this example:

[SECURITY]
NumServers=Numeric Value
SecurityServer=Enterprise Server Name (primary)
SecurityServer1=Enterprise Server Name (auxiliary)
SecurityServer2=Enterprise Server Name (auxiliary)

This table explains the variable values:

Setting	Value
NumServers	The total number of security servers (primary and auxiliary) that you set under the [SECURITY] section of the jde.ini file. For example, if you set one primary and four auxiliary servers, the NumServers value is 5. You can set NumServers to any value between 1 and 10. If you do not include the NumServers setting, the system assumes that you have only one server.
SecurityServerx	The name of an enterprise server. The primary and auxiliary security server names must all be valid enterprise servers. The values must be the same for both the workstation and enterprise servers for workstations to log onto and run batch reports from the enterprise server. The variable value x can be any number between 1 and 10. This number defines the auxiliary security server.

Setting

Value

NumServers

SecurityServerx

The name of an enterprise server. The primary and auxiliary security server names must all be valid enterprise servers. The values must be the same for both the workstation and enterprise servers for workstations to log onto and run batch reports from the enterprise server.

The variable value x can be any number between 1 and 10. This number defines the auxiliary security server.

Verifying Security Processes in the Server jde.ini

You should define only one process for the security network. You can set multiple processes, but they are probably not necessary. Under the [JDENET_KERNEL_DEF4] section of the server jde.ini file, verify that this parameter is set:

[JDENET_KERNEL_DEF4]
maxNumberOfProcesses=1

Running a Security Analyzer Report

This section provides an overview of the Security Analyzer Report and discusses how to:

Run the Security Analyzer by Data Source Report (R98OWSECA).
Run the Security Analyzer by User or Group Report (R98OWSECB).

Understanding the Security Analyzer Report

This process generates two separate reports that provide you with an analysis of JD Edwards EnterpriseOne security. The first report is the Security Analyzer by Data Source (R98OWSECA); it is organized and sorted by data source. A blank data source means that security for the System User ID is applicable to all data sources. The Security Analyzer by Data Source report is based on data that it reads from the F98OWSEC table.

The second report is the Security Analyzer by User or Group (R98OWSECB); it is organized by user or role. The Security Analyzer by User or Role report is also based on data that it reads from the F98OWSEC table.

Form Used to Run a Security Analyzer Report

Form Name	FormID	Navigation	Usage
Work With Batch Versions - Available Versions	W98305A	Report Management (GH9111), Batch Versions (P98305)	Run the Security Analyzer by Data Source (R98OWSECA) and Security Analyzer by User or Group (R98OWSECB) reports.

Running the Security Analyzer by Data Source Report (R98OWSECA)

This report presents security analysis information for each data source, each user ID, and each role. The report is sorted by data source and then by user ID. This columnar data appears in the report:

Data Source

The data source to which the user is secured. Blank indicates all data sources.
User ID
User / Role

An identification code for a user profile.
System User ID

The actual user that JD Edwards EnterpriseOne uses to connect to the DBMS that you specified as the data source. This system user must match the user value that is defined in the DBMS.
Change Frequency

The number of days before the system requires that a user change their password. This data can be set by individual user ID or by role.
Source Password Changed

The date when a user's password was last changed.
Invalid Signons

The number of invalid sign-in attempts by a user. If the retry count value exceeds the number of allowed attempts, the user profile is disabled.
Allowed Attempts

The number of sign-in attempts that a user can make before that user profile is disabled.
User Status

A value that indicates whether the user can sign in to JD Edwards EnterpriseOne. Values are 01 (enabled) and 02 (disabled).
Status

The display status of the User Status field.

Access the Work With Batch Versions - Available Versions form to run the Security Analyzer by Data Source Report (R98OWSECA).

Select a version and then click Select.

The default version is XJDE0001. It creates a report for all user IDs for all data sources.
On the Version Prompting form, click Submit.
On the Report Output Destination form, select any of these options:
- On Screen
- To Printer
- Export to CSV
If desired, select the OSA Interface Name option and enter a name in the box that appears.

Running the Security Analyzer by User or Group Report (R98OWSECB)

The Security Analyzer by User or Group Report (R98OWSECB) report presents security analysis information for each user ID, each group, and each data source. The report is sorted either by user ID or user group, depending on which processing option you select. This columnar data appears in the report:

User ID
Role
Password Change Frequency

The number of days before a user must change their password. This data can be set by individual user ID or by group.
Data Source

The data source to which the user is secured. A blank indicates all data sources.
System User

The actual user that the software uses to connect to the DBMS that you specified as the data source. The system user that is defined here must match the user value that is defined in the DBMS.

Access the Work With Batch Versions - Available Versions form to run the Security Analyzer by User or Group Report (R98OWSECB).

Select a version and click Select.

The default version is XJDE0001. It creates a report for all user IDs for all data sources.

By default, the XJDE0001 version has the processing option for this report set to 1. This option generates a report by user ID.

To generate a report by role, you can prompt for processing options and then, on the User Setup tab, change the value to 2.
On the Version Prompting form, click Submit.
Complete the processing options as necessary, and then click OK.
On Report Output Destination, select any of these options:
- On Screen
- To Printer
- Export to CSV
If desired, select the OSE Interface Name option and type a name in the field that appears.

Managing Unified Logon

This section provides an overview of unified logon and discusses how to:

Modify the jde.ini setting to enable or disable unified logon.
Set up a service for unified logon.
Remove a service for unified logon.

Understanding Unified Logon

For configurations that use a Windows enterprise server, to set up unified logon, you need to modify only the [SECURITY] section of the jde.ini file. When a user signs on, these settings alert the software to use unified logon.

When the enterprise server is on a non-Windows platform, you need to set up a Windows service for unified logon. This service identifies the unified logon server for JD Edwards EnterpriseOne. You also need to set the unified logon settings in the [SECURITY] section of the jde.ini file.

Important! When you use unified logon, you need to use the same user ID for the Windows domain and JD Edwards EnterpriseOne so that the records for each are synchronized. For example, if the user ID for a user in the Windows domain is USER1, the user ID for JD Edwards EnterpriseOne must also be USER1. If the user IDs are different, unified logon does not work for the user.

Modifying the jde.ini Setting to Enable or Disable Unified Logon

Locate the jde.ini files on the server and on the workstation.

To modify the jde.ini setting to enable or disable unified logon:

In the server jde.ini file, add these settings in the [SECURITY] section:

[SECURITY]
SecurityMode=0, 1 or 2

Value	Description
0	Accepts only users set up for standard sign-in security.
1	Accepts only users set up for unified logon.
2	Accepts users set up for both unified logon and standard sign-in security.

In the workstation jde.ini file, add these settings in the [SECURITY] section:

[SECURITY]
UnifiedLogon=0 or 1

Value	Description
0	Disables unified logon for the workstation. This setting is the default value.
1	Sets unified logon for the workstation.
server_name	Enter the name of the server on which the unified logon server data resides.

Setting Up a Service for Unified Logon

If the enterprise server is not a Windows server, you should set up services for unified logon on the deployment server. The deployment server is always a Windows server.

To set up a service for unified logon:

On the deployment server, in Windows Explorer, access the \Unified Logon directory and run the file UniLogonSetup.exe.

The Unified Logon Server Setup form appears. On this form, you define the Windows service for unified logon servers. You can also remove these services on this form.
Complete these fields:
- Unified Logon Service Name
  
  Enter the name for the unified logon server.
- EnterpriseOne Port Number
  
  The port number for the unified logon server should match the JD Edwards EnterpriseOne port number of the server for which you want to set up unified logon.
- Service Executable Filename
  
  Enter the directory path for the unified logon service program.
- Log Filename
  
  Enter the name of the unified logon log file, including the full directory path.
  
  The default user list contains all authenticated network users.
To create a custom user list, enter the users or the groups in the Users or User Groups box to add the user information to the unified logon user list.

Note. Generally, the default Windows list of authenticated network users lists users by group.
Click the Install Service button to save the service information for the unified logon server.

Removing a Service for Unified Logon

To remove a service for unified logon:

Run UniLogonSetup.exe.

The Unified Logon Server Setup form appears.
From the Unified Logon Service Name menu, select a unified logon server, and then click the Uninstall Service button.