We have recently upgraded from 10.2.700 to 2024.1.11 and are in the early stages of getting familiar with Kinetic in browser.
We have an On-Prem environment and log in to Epicor using SSO. We have things configured so that when we load our environment URL in MS Edge we are seamlessly logged in and presented with the Kinetic homepage without having to enter any credentials or click login etc.
However, if we use the Log Out button or the session times out, we seem to have issues logging back in.
After using Log Out > closing browser > reopen browser > we are now presented with the Epicor Login page rather than being logged in automatically.
Sometimes this will redirect to the Kinetic homepage after a little while, sometimes you need to click the Login button, sometimes clicking refresh in the browser seems to work, and sometimes you get a white screen with a blank menu bar down the side and after a while the home page will load or clicking refresh works.
Yes, I have constant issues with logging in in the browser. I get nothing but crickets on my support cases. I think there are not enough people using the browser (and complaining) for Epicor to pay attention to fixing this.
The problem is that they plan to force everybody to the browser to log in early next year, with no fallback plan (i.e. if you can’t log in through the browser, too bad, guess you aren’t working today). I think this is completely unacceptable given the number of times on a daily basis that I have to fall back to the client to be able to log in at all.
So PLEASE log this with support and don’t let it go. This is going to be an utter catastrophe for us when the client is taken away.
I definitely believe this is related to SSO. While we enforce SSO for our users, I also have basic auth accounts and do not encounter the login issues on those accounts. For us switching everyone back to basic auth would be a huge step backwards in terms of security (with SSO we get MFA). So I want it to work.
This was actually a question I had… not to get off topic… but SSO is not all or nothing, right?
I can have a group of user accounts set to SSO, but leave others alone to require basic authentication?
My use case was our MES kiosks. I wouldn’t mind moving to SSO for our office staff, but leaving our operator/employee user accounts alone. Is that a viable option?
In fact, if you’re on-prem, you also get a Basic auth channel whether you like it or not. I think the only solution to prevent users from using Basic Auth is to assign random 20+ character passwords.
We’ve found putting the URLs to flush the cache on closing the browser has helped with other issues we’ve run into. Could it help in your login case?
Note: Microsoft in their great wisdom doesn’t have this as a GPO option so it has to be set by other means. At least that’s what our infrastructure team told me.
Again, we use Azure (Entra) not Windows SSO, so I am comparing oranges to tangerines here, but…
I never have a long wait to log in. Yes, I do have to click the button, but after that, it jumps right in.
I mean, if I am in one of my dev environments and it’s been a week since I logged in, yes, it will sit on a darkened login page for a while before it even displays the button.
But in Production, I log in and out all day long without issue.
This is what keeps happening to me, LITERALLY in the middle of working (0 seconds of inactivity). I just logged in this morning so it’s not like the token is expiring after 24 hours or whatever (although that would also be unacceptable considering there was no inactivity - it should be getting extended). Nothing but crickets from support for 3 weeks now.