More of a survey of questions for those who are using Infor for open enrollment.
1-Are you offering it outside your intranet? Yes or No
2-If offering outside the intranet what is your delivery method? Citrix, VPN, or End Point outside the firewall
3-If end point outside the firewall I assume you have an external domain and separate end point setup in ISS and using SSL. What other form of security are you using? Are you using two-factor authentication?
4-If presented outside the firewall and using an external domain and separate end point did you also use the same service? In other words are you using the same AD authentication you use on your intranet or are they using Lawson security? Put another way do your EMSS/OE users have separate logins?