BAQ As Excel DataSource From Web - Authenticating

Kinetic ERP
,
1

One of our companies that recently went live with Kinetic Cloud (from P21 on-prem) has a spreadsheet that has multiple data sources via connections to the on-prem P21 database. Since we’re cloud, I had them create BAQs with the data they need, and set up an Access Scope / API Key so they could use replace the old P21 Queries with BAQs. With some help from @Camren360’s posts to help me out, I was able to get that going without much headache.

Here’s my issue now: We have our users authenticating in Epicor with Epicor Identity (IDP). I don’t let them use Basic authentication. But in order to refresh the connections in the Excel sheets, they need to add a ‘Basic’ username and password in order to access the BAQ.

My options as I see them:

  1. Let them maintain a ‘basic’ username and password. I don’t like this, because they’ll just use this and skip the Identity login (and the MFA that comes with it).
  2. Create a service account that all users could use to authenticate on the BAQ API calls. This would require me to give out a username and password to several people. I don’t like that either. I already created this user, and set access to “Disallow” on basically every Menu Security, but I’m not sure if sharing that around will have any other security risks.

Is there a better option that I missed? Or is there a way to potentially eliminate the issues with the options above?

2

There is examples and code in the Epicor IdP help to setup Excel as an app for authentication. Although not tried it I know it is there and may be worth a review.

Alternatively create secondary accounts for those needing to use the excel sheets and on that account setup as basic and apply an access scope that gives access to only a select few BAQs?

2 Likes
3

Thanks, I’ll have to look for that. I was under the impression that API calls required a basic auth or Windows username & password.

That is a viable option, but maintaining 2x users for everyone who needs this would be a huge pain. Probably won’t go that route.

4

Their documentation is better than I expected.

You’ll have to authenticate to help first the way these links work.

1 Like
5

Having trouble with your link. Just keeps telling me to access through Kinetic Help Menu. Is this the page?

image
image1552×420 35.5 KB

6

Same title but different article it looks like. The one in the Epicor IDP docs was updated in January. And it lives under Epicor Management > Identity Provider Administration.

image
image1084×273 34 KB

If you go to Log In - Epicor Identity and click the ? in the top right. Then search for Excel see if you can find the article. It has the code examples mentioned by @BenWheeldon

image
image876×150 12.9 KB