Has anyone run into the problem where you have implemented SSO but MES still prompts for a password?
If I uncheck require SSO in the user account they can at least get in with a password, but with that box checked they can’t get into MES at all.
MES initially launches with with no password prompt and the user selected on the employee record is correct, so I can’t figure out what’s going on. Yes I know I can wipe out the account association but that’s not acceptable from a security perspective.
What’s really odd is that is works for some people and not others. I can’t discern any difference between the accounts that prompt for an MES password and the accounts that don’t.
is your MES connecting via Terminal server with a User account or as a local install on that machine?
Does the EMPLOYEE that is clocking into MES have a USER account in the Material handler section of the employee record? from what i have seen, that is what prompts for the password when logging into the handheld or MES.
Yes they are linked to users - that is the only way to control it, otherwise anyone in the company can use any employee id?
I talked to Epicor support, apparently SSO is not actually implemented for MES which seems crazy to me. The only solution is to unlink the accounts so they are wide open with zero security, or else use a non-SSO app server for MES which totally defeats the purpose of implementing SSO in the first place.
Support just transferred my case and the new tech wants to know what SSO means.
Yes. for Employees, anyone could clock in with another’s employee ID. For us that’s not an issue. the only control we need is for things that are controlled by the check boxes on the Employee record. so for those that issue material , they would have a password so we can control inventory.
For Employee that dont also have a User ID (90% of the manufacturing workforce) there is no password control. The only risk is one person clocks labor for another.
The risk is somebody clocks in with somebody else’s employee ID and through the MES functionality gains access to screens they should not in Epicor like time and expense entry. The open-with functionality is dangerous. I know that’s a different issue to solve but its frustrating that SSO doesn’t work with MES.
thats not a risk for us. we have a sec group for all the menu items. the MES user account only has the Production Sec Group so can only access the certain areas.
if a user tries to right click open with they will be blocked by the menu item security groups.
