Good afternoon,
I tried to use the epicweb search and the kinetic application search for the term “Single Sign On” with the hopes it would show me what to do to get SSO setup. Epicweb returns 0 results, and kinetic search has a lot of unrelated documents that reference SSO.
We are cloud dedicated tenancy.
What guide do I use to get SSO setup? Can I do it all myself, or do I need a support ticket?
Why is it so hard to search for SSO information?
Thank you for your time!
Nate
From the Kinetic User Guide:
Automatically
sign on
Select this check box to indicate you want to log into the application without
entering your user name and password. After you click OK on this window,
your user account name and password are saved with this client installation.
The next time you launch the application, you bypass the login window and
display the application. This check box is available if your system
administrator has activated the single sign-on feature within Password Policy
Maintenance. If this feature is not active, you cannot select the Automatically
sign on check box.
When I look at Pass Policy Maint I don’t see anything about SSO.
LOL: Field Help for User account Security Maint: on Required SSO flag.
Whether single sign-on (SSO) is required to log on.
Select this check box to indicate that this user has to use his/her operating system (Windows, Unix, and so on) logon information as the logon for Vantage.
Single Sign-On (SSO) is functionality that allows users to sign on (log in) to Vantage using the Login IDs and Passwords they use to log into their computer’s operating system (for example Windows, Unix, Linux and so on). In other words, if SSO is enabled, users will not be presented with a Logon window when they click their Vantage icon; they will be taken directly to the application’s main menu.
It’s in kinetic help. You’ll need to configure azure application, one for each environment and separate for web and classic.
Then you need to open a ticket with support for them to configure the app server.
After that configure to azure ad settings inside epicor.
Get the new urls from the cloud download page.
This is not single sign on (sso) it is just saving the password encrypted in the sysconfig file and is classic only
For SSO in the cloud you have 2.5 options.
Kinetic > Entra (Azure AD)
Or
Kinetic > Epicor IdP > Entra (optional)
I always recommend Epicor IdP with Entra if you use it. This is due to the fact that for direct Entra you are responsible for the link and each time a Db copy is done you would need to reenter the settings for that environment (if set up as separate apps) whereas if you use IdP Epicor does this for you. Also using Epicor IdP means you only need to do the setup in IdP and optionally Entra once for all your supported Epicor products, Kinetic, ECM, EpicCare, EpicWeb etc.
Either way it starts with an Epicor support call to enable IdP or Entra on your app servers. Also note there is no longer a change in the URL. You just get different options in a drop down box at login.
Is great! Especially if you’re M365 because your browser is nearly always logged in. Epicor doesn’t seem to do the token refresh flow so you get dumped once in a while but click through the M365 flow again no passwords needed.