Azure AD Auth - Swagger API Sign In - Still allowing normal username and pass


I set up an app server to allow for httpsbinaryazure endpoints and have configured azure ad.

Why can I still sign into the swagger rest API with normal username and password? For some reason I thought that the app pool would only allow azure AD auth… is that not true?



No, you need to specify the flag Require Single Sign On for each user in User Maintenance.


Olga, does that mean that I can’t have separate app pools with different authentication methods?

Technically, one would create a separate AppServer with a different endpoint address.

1 Like

AppServer is not connected with authentication type in REST. THis was limitation of WCF - when you only can use one binding per protocol and binding defines authentication.
When WCF will go away completely, those limitations do not apply anymore.

REST checks authentication of the call. If you send name/password, that will be basic authentication.
Alternatively you can send any token for AAD, IDP, etc.
Require SSO flag specifies that basic authentication is not allowed for the user. There is no global flags for this.


Thanks olga, so all my app pools for an environment would have to be single sign on should I wish to disable basic auth for a user in just one app pool.

Ooooh, good to know. Thanks!

We have 2 App Pools… EpicorERP and EpicorERPNoSSO

1 Like