Is there a way in ECM/DocStar to automate user sync?

Whenever we add a new user to our DocStar group that we want synced to DocStar/ECM, we have to manually go into ECM > Admin > Groups and hit the Import button to get the user(s) into DocStar and into the correct groups. Is there any way to just specify that a certain group or groups should be synced automatically every hour or two?

Just thought to check Epicor Ideas and found this, although it only has 1 vote, so it's really only confirmation that one other person has this question, it would seem.
https://epicor.ideas.aha.io/ideas/ECM-I-1274

Not that I know of. We set ourselves up with LDAP in the beginning and I confirmed that new hires cause my ECM admin to go and ‘import’ again.

I did go and vote on that idea, but I will say that we are going to convert to Azure AD/SAML when we do the 24.1 update. Now I’m wondering how that works with group memberships and does it automatically update.

Interesting, can the Azure AD/SAML be used with on-premise ECM / Active Directory do you know? I mean, I guess we could even use it with our cloud Azure AD (synced from on-prem) if that is needed. Please let us know how it goes Mike.

We use Epicor ECM SaaS, but our Epicor is on-prem. We use SAML, but we still have to create the user name in Epicor ECM and IDC. I have asked whether there is any way to sync users between Epicor and ECM and IDC, but the answer is no.

According to the consultant, it is a cyber security risk if you expose Azure AD for authentication. He suggested using SAML.

:thinking:
From: How the Microsoft identity platform uses the SAML protocol - Microsoft identity platform | Microsoft Learn

The Microsoft identity platform uses the SAML 2.0 and other protocols to enable applications to provide a single sign-on (SSO) experience to their users. The SSO and Single Sign-Out SAML profiles of Microsoft Entra ID explain how SAML assertions, protocols, and bindings are used in the identity provider service.

Maybe the consultant was talking about Active Directory Federation Services which had the flaw that was behind the SolarWinds breach. But ADFS is different than Entra ID.

Epicor ECM allows the following authentication providers.

I questioned the consultant about LDAP and SAML 2.0. He said using SAML 2.0 is more secure. I cannot remember his exact words, but he did not recommend using LDAP. For us, we only have those 2 options because we are on-prem. We cannot use Epicor IDP.

Ah, yes. LDAP is not as secure.

This was the confusing statement since Entra ID uses SAML, but that’s not what you were asking.