Ok On-Premies: Single Sign On

I’m testing adding Windows authentication to our Demo 10.2.500 server. I’ve added a new application server that points to the same database, but I cannot connect to the application server. I get the error that the user is not set up for SSO.

But in the User Account:

What might I be missing?

Dumb question but your service user exists in AD right?

Yes. I am logged in as that very user while running the Admin Console as well.

When you configured the App server binding, did it test successfully? Might be helpful to see that config too. I have a .500 environment I could compare to.

Spitball: are the domain and user ID backwards?

Was the user set up as SSO before the upgrade?
If so, make a change (any small change) to the User in Epicor 500 and Save.

I had a similar issue when we tested Azure AD, something (not sure what) changed in 500 and it required a “refresh” of the account…
Check the Require SSO Checkbox and Save and then revert… (or something of the sort)

We use Windows binding on our primary App (PRD_102300). And I added another App (PRD_102300_WUC) to use Windows User Channel (actually called “Username Windows Channel” in EAC), and everything works fine.

Here’s the first Sheet settings for each

The second sheets (Database Connection) are identical

The 3rd sheet (Admin Console) has significant diffs. User Win Channel requires an Epicor user and password to be specified (one that is a Sec Manager, I’d guess).

Could be an ID 10 T error…one moment.

Not the Issue that Jason pointed out though…

Also …

  • None of our E10 user accounts have “SSO Required” enabled.
  • Make sure the “Domain” and “Domain User ID” are set for the account that you specify in the Admin Console settings sheet
  • Launch EAC using the account specified in the EAC Admin Console Settings.
    (edit: Or at least as a domain user whose E10 user is a Sec Manager)

Boom. I’m in.

Soooooo, when you’re testing with the Education database, be sure to point your appserver to that database and not your upgraded database. :man_facepalming:

Thanks everybody. Be gentle, I’m a cloud guy.



One more question though. With a new appserver, do I have to worry about BPMs, etc. running on both appServers? Is there a configuration piece I’m missing like the shared folder?

BPM code as of… 10.2 runs (unless told otherwise) from DB blobs. So you should be fine.

Thanks @Mark_Wonsil and everyone for working this out. It’s on my project list so we can go SSO when 600 drops…