GitHub Universe 2021: Software Revolution

Okay, so have read. Some (ok, most) is still over my head.

But one thing jumped out at me. Microsoft 365 uses AAD for authentication? Okay, does that mean I could piggyback onto that for Kinetic? And if so, is that only in the browser or can I still deploy over RDS? And if so, can that be done using https instead of (soon to be deprecated) tcp?

We had a ticket open for getting into my Kinetic dev environment. All our users except the manager and service accounts are Windows AD accounts, and I haven’t been able to get in with those. So thus far only able to tinker with Kinetic.

Epicor pretty much threw up their hands, apparently deploying over RDS is not that common.

But if we could use our existing M365 setup including MFA, that could make a huge difference.

Yes. You have only one AAD (or should) so piggyback away. And if you use Azure AD Connect, it will sync their Windows passwords with AAD. It’s the same password for Kinetic web and the .NET client too. Since Epicor 10, ERP has always been a web service at heart run via Internet Information Server (IIS).

I’m not following how you’re deploying Epicor via RDS. Published apps?

Yes, published apps. At the validation stage in 2017 the local client was found to be too slow. So we have a small TS group with the local clients on them, published over RDS.

AAD should still work with published apps. Once the browser client is full-featured, you’ll be able to do away with the TS Farm.

Yes, if you’re already on M365 then you have AAD in place. There are add-ons to AAD that give you extra security. If you have E3 or higher licenses then you already have the Premium 1 (P1) add-on. This gives you on-prem security + cloud plus self-service password reset. P2 gives you some nice security features: Privileged Identity Management (give access to a resource for a specified period of time, audited, reviewed, extra MFA…), conditional access (required extra security for certain resources based on time of day, IP location, etc.), access reviews, and the ability to have group “owners” manage their group.
