And, I mean, don’t leave your computer unlocked and unattended anyway!
The unknown to me is how this affects connections to the outside world:
Connecting from a web browser (EWA) from outside the domain
Connecting from the client on my work laptop, but from my home WiFi (no VPN)
Integration with some other service (maybe an ecommerce site that’s not Magneto or something Epicor is selling)
I know we need to get a public(?) SSL certificate - whatever the one is called that’s not self-signed. (Actually we have one but there’s an issue with us using a .local URL…)
Anyhow, can someone alleviate fears 1-3? I may have more…
We have pseudo SSO by using an endpoint binding of “Windows”.
This works by using the user and domain info of who is logged into the client computer, and automatically selects the E10 user account whose domain and Domain User ID.
So launching the client on a computer will always make that session us the E10 user based on who logged into the client computer.
Our remote users use RDS, which logins them in using their domain credentials, then passes the user name on to the E10 Client.
To run the client as a user other than the one logged into the computer, use the Shift+Right Click
It’ll take me a while to process that, but why not use whatever “normal” SSO is? There must be some advantage.
Our remote users (salespeople all over the country) complain about the sketchy connectivity through the VPN. Is RDS (Remote Desktop, right?) any better? And then that would require a cal for every user…
You read my mind. I was wondering about that but felt silly to ask.
Originally the IT group was hesitant to have to support the client program on users machines. They figured it would be easier to just manage on one machine (the RDS server). They never really understood how E10 worked. In their defense, they are the corporate IT, and we had V8 when they acquired us. So they needed to do the quickest implementation of moving V8 from our on site server, to their data center server.
I like the fact that it totally bypasses the need for users to login, change passwords etc…
Nearly all of our users use the RDS (yes, remote desktop) version. A few have the Client installed locally (they are all on premises). I forget why - might have to do with running old CR reports that used ODBC connections, and the IT group was having issues with the CR Runtime and ODBC connection on the RD server. I don’t think they ever really tried … once I told them we could do all that on the client computers, they were like, “then do that.”
As the guy, I would be remiss if I didn’t mention Azure AD. We sync our local AD with Azure but you can then add more users in Azure AD that are not in your AD (Epicor support, consultants, etc.). You need an Internet connection to work login but once you have a token, you’re good for the life of it. You get all the other benefits of SSO. If you’re a cloud-hosted then you don’t have to VPN into your system either.
As long as you have an Internet connection while logging in, yep. You get all the benefits of SSO and you can use the same login for O365 and other cloud services like Concur, Jira, SalesForce, etc.
Interesting. Our IT director probably is familiar; he just pushed us to O365 in the last month.
So, related and unrelated, what about integrations? I’m really just ignorant all around with integrations, but I’ll need to be an expert soon.
How do integrations work with SSO, with or without Azure AD? Salesforce has been mentioned around here. And we are trying to integrate an ecommerce site with Epicor. And UPS uses something called SAP Ariba, and apparently they (UPS) are wanting us to interface with that somehow, too.
I guess they need an account name and password, just like the app server connects to the database. But again, how do you “single sign-on” outside of the domain?