Azure AD for Epicor Authentication

Is anyone out there using Azure AD for authenticating Epicor?
Any advice, comments, pitfalls, suggestions, etc.?

We are hosted ST behind an F5 LB, if it makes a difference.

We’re having a hard time in .400 getting it to be stable. Appears to be a development issue. We’re waiting for a resolution.

1 Like

Any details on how you would describe “unstable?”

The big thing to remember with Azure AD is that you need to redirect out to the Microsoft servers to log in to Azure AD.

Client → login.microsoft.com → Client → Server → login.microsoft.com → Server → Authenticated!!!

If you have a firewall blocking outbound redirects, you can run into issues. Depending on how hard you lock down servers, you might need to open a few ports to the msft login servers and then to any multi-factor auth plug-ins you add as requirements in Azure AD config for your enterprise.

2 Likes

Well, I tried to configure this and make it usable for our environment against 10.2.300, but sadly we’ll have to wait for a future release.

Two issues to be aware of:

  1. The documentation is not always clear/accurate in the redirect/return URLs which need to be configured within Azure AD. In particular, the documentation for EWA is incorrect.
  2. There is an issue with EDD & the Active Home Page when using Azure AD authentication in 10.2.300. In our environment, EDD tiles time out and stop refreshing after 1 hour. I wasn’t able to determine exactly where the 1 hour timeout came from (appears to be Azure AD rather than Epicor?). Release notes show this as resolved in .400; I’ve not had a chance to retest so far.

Outside of these points, once configured it works perfectly: I’ve not come across anything I’d describe as “unstable” with it.

Definitely on the list for our next upgrade.
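
For tracking down where a one-hour cutoff like the EDD tile timeout described above comes from, one check is to read the issue and expiry times out of the token the client is holding. This is an added example, not part of the thread and not Epicor or Microsoft code; the sample token, issuer and audience are constructed placeholders, and the signature is deliberately not verified, so it is for diagnosis only.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_lifetime(jwt: str, now=None) -> dict:
    """Read iat/nbf/exp from a JWT payload WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments (compact JWS)")
    claims = json.loads(b64url_decode(parts[1]))
    if "exp" not in claims:
        raise ValueError("token has no exp claim")
    issued = claims.get("iat", claims.get("nbf"))  # fall back to not-before
    now = int(time.time()) if now is None else now
    return {
        "issuer": claims.get("iss"),
        "audience": claims.get("aud"),
        "lifetime_s": None if issued is None else claims["exp"] - issued,
        "remaining_s": claims["exp"] - now,
        "expired": now >= claims["exp"],
    }


def make_sample_token(iat: int, exp: int) -> str:
    # Constructed, unsigned sample so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {
        "iss": "https://idp.example/tenant-placeholder/",  # placeholder issuer
        "aud": "api://erp-placeholder",                    # placeholder audience
        "iat": iat,
        "exp": exp,
    }
    return ".".join([enc(header), enc(payload), "constructed-signature"])


if __name__ == "__main__":
    issued_at = 1_700_000_000
    sample = make_sample_token(issued_at, issued_at + 3600)
    # Evaluate the token 61 minutes after issue, as a stalled tile would see it.
    print(token_lifetime(sample, now=issued_at + 3660))
```

If `lifetime_s` on a real token matches the interval at which tiles stop refreshing, the cutoff comes from the token's own expiry rather than from an application-side session setting.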