Log into MES with RFID Card

Starting with the basics: Our dedicated MES computers log into MES with a generic shop floor username and password. Then the employees put in their UserID in the box on the left side, hit tab, enter their password, and they clock in for the day, and then start/end activities as the day goes on, clocks out at the end of the day, etc.

This causes for some shop floor staff to be entering their credentials upwards of 50 or more times a day. I have been asked if there would be a way to utilize the RFID cards that we currently use for our building access control system. So, I went and purchased a USB pcProx RFID reader for my cards, plugged it in, configured it to read my cards properly, and that part is done.

Now, what I am trying to do is figure out how (if at all) I can use that USB RFID Reader within MES to clock users in and out.

The RFID Reader acts as a standard keyboard. All of the processing is done in the reader itself. When a card is scanned, it outputs the following (anything within brackets [] can configured to output anything I desire)

[ABC] ### [:] ##### [XYZ] [T] [GN]

  • [ABC] and [XYZ] = Pre and Post data delimiters - Only 3 pre and post delimiters total can be configured. If 3 pre-delimiters are set, no post delimiters can be set. Or I can set 1 Pre and 2 Post, etc.
  • [:] = The delimiter between the Facility Code and the ID Code.
  • [T] = Termination Keystroke
  • [GN] = Card Gone Delimiters - This is triggered when the card leaves the RFID field of the reader.

So, right now if I scan my ID Card with notepad opened up, I get the following:

@987 65432#!^&

  • Pre-Data Delimiter: @
  • Facility Code: 987
  • FAC/ID Delimeter: < TAB >
  • Post-Data Delimtiter: #
  • Termination Keystroke: !
  • Card Gone Delimiter 1: ^
  • Card Gone Delimiter 1: &

I can have as many as those delimiters set as I need, or one of them. As long as the characters are part of the standard ASCII table, it is far game.

I can easily add a new UD to the Employee portion of Epicor to store the Facility and ID number of the cards that are issued to users, that way I can match them via an MES customization fairly easily. However, what I can’t seem to figure out how to do (or if there is even a way) is how to use the ID card to authenticate the user. I was thinking something along the lines of reading the card (using the various delimiters to break it up for manipulation and to know when to start/stop) and comparing that to the EmpBasic table, looking to see which Employee is issued the card that was scanned. I would then verify if the employee has an active laborheader and if so, bypass the password requirement of MES and take them straight to the main screen so they can start/end activities, take lunch, etc.

I would also customize the Clock Out button to ask for their password, just so people are less likely to clock someone else out.

Thoughts? Am I looking at something that is doable, or am I looking down the wrong end of a shotgun? I don’t know if this would be something that could be done via User Impersonation, or if I would have to change everyone’s password to their ID Number and do some hackey thing that way. I am not looking for anyone to say “this is how you should do that”, but more of a conversation about different avenues that one could take to try to accomplish it. I know I can’t be the only person that has thought about doing something like this.

Sounds pretty doable. I’d look at it like the RFID scanner was no different than a bar code reader, or a keyboard.

I assume that the codes in the RFID’s are fixed, or at least have to follow a format for the readers of the other places they are used (the building access control).

My first thought would be to create User IDs that match the scanned value of the RFID card. This would require creating new userIDs for existing users.

Do a search to see what people might have done using bar code scanners to login.

@ckrusen - If I were to change the User ID to match the card ID, we still have the issue with passwords and having to find a way to log the user in with minimal (IE: zero) interaction with the keyboard.

Well, since each MES machine already has a Honeywell 1400G Voyager Linear/Area-Imaging Scanner, I am betting I could do something interesting with that instead. I could easily add a new button to MES that would allow the user to print out a label that they stick to their security card. It would only need the user to enter their password so it could be embedded in the barcode (encrypted, of course). That label would have all of the keystrokes necessary on it to log into MES. I wouldn’t even need the RFID reader then.

Hrmm…okay, now my gears are turning.

One place I worked (that didn’t use Epicor) used bar codes for scanning in workers. There weren’t security issues, so we just had a book that had all the employees listed with the bar code by their name.

I’ve not used MES, but have only experimented with it. And they way I had set it up (probably incorrectly), there was no prompt for a password. Just enter an employee id, and hit tab.

We have it setup to not take any password as well.

MES doesn’t ask you for a password? We need to put a password in when we open MES (double click the icon). Once we do that, and the main MES window opens, when we input our username on the left side and hit tab, we are asked for a password again.

Which password are you not required to enter? Or is it both?

How do you control security and such if you are bypassing the passwords?

The main MES window takes a password, which we have posted under the machine. Username does not prompt for any password.

I guess security hasn’t been much of an issue - the only thing they can do is clock in / out improperly. We only clock into jobs to complete them, everything is set to backflush.

Just to be clear, it is easy to have it setup so it does take a password, we just don’t.

I implemented an Omnikey 5427CK reader for use of Prox II cards with two factor authentication, badge always present (our choice) and a PIN entry. We maintain the card ID on the employee basic table along with their PIN number. In Employee maintenance you just swipe the card on a reader and it assigns it to the current record. I just made a simple WinForm to accept the password and added it as a separate class in the UI customization…works well enough. We use separate dedicated stations for clocking in and out for the day, but if they forgot it does clock them in when they swipe. Happy to help if you have any questions. I used an API from CardWerks that made it pretty simple. The card doubles for logical and physical access to the building so it works pretty slick.


If you don’t assign a user id to the employee record it does not ask for a password when entering the employee id. We have the employee id barcode printed on our id badge that they can scan in mes.

Since you are using generic logons you could have them in the config file.


We are looking at doing something like this as well with Epicor MES. Any new developments? I am interested to find out which option worked the best. Thanks in advance.

Create a employee in employee maintenance. Do not link to a user login on Employee Maintenance > Production Info > User Name field. Use the same ID number from employee maintenance and print it on a card with a barcode and the employees name. Get cheap barcode scanners from Amazon. They should come with a sheet that does keyboard commands after scanning. Set these to tab after scanning.

Set MES to sign in automatically with just a standard login. We have 12 MES machines and the usernames are MES 1…MES 2 (create these in user account). Sign into the user Epicor app, Settings > Preferences > Automatically sign on. Close main application. Now open MES, this should log in automatically without asking for a user login. Will open directly to the employee ID field. Scan and done.

Thank you for the information Kyle.

Awesome explanation!!! We did the same and it works great but how to automate this Select Shift pop up window confirmation?

I did not automate this. We only have one shift. The user can click one time to log into the shift :joy:

I have bar codes for users that can be scanned, but they end up typing them in since they still need keyboard, mouse, or touch screen interaction.

It would be nice to eliminate some steps here.
Client launched on boot
Auto login with credentials in epicor config file

  • Click into EmpID field if its not currently active
    Scan or type bar code for user
  • Press TAB or click Log In
  • Press OK for shift I.D. (We only use 1 shift)

Any ideas on eliminating some of these steps?

Possibly by combining form customization(s) and concatenating characters into your bar code(s)?

Below is a REALLY old (V8) calc field from a Crystal report
where I inserted multiple CHR(s) to navigate thru the different fields, click enter, etc… in the MES Start Activity form. If I remember, I needed to make another version that addressed some timing issues. A little tedious but I did finally get it working… in my case.

// Custom Start Activity Entry form (Process ID UDSPA)
// JobNum + TAB + Asm + TAB + Oper + TAB + ENTER + TAB + ENTER + ENTER
IDAutomation_Code128 ({JobAsmbl.JobNum}& CHR(9)
& ToText({JobAsmbl.AssemblySeq},“0”)& CHR(9)
& ToText({JobOper.OprSeq},“0”)& CHR(9)& CHR(13))

1 Like

you could use windows scheduler to load the client