SSO & changing user

Epicor ERP 10
1

We use SSO (hard coded in the config file) but I’m having a problem with my account.

In order to get around that, I have a test account that I use. When I login to the test account and try to use the ‘Change User’ function to a security admin, it still has the test account cached.

I know this, because after the change user function, when I try to access a company (that the test user doesn’t have access to, but the security admin does) I get this error message:

Invalid company 04 for user [TESTUSER]

I tried clearing the cache after I did the change user, but it still doesn’t work.

Does anyone know how to force it to switch so I can use Security Admin?

2

Try clearing the local %Temp% folder.

4

Cleared it, tried again, still doesn’t work.

5

What version are you on?
In E10, if you have configured the AppServer End Point for SSO, you are not allowed to change Users. We did have a bug (and maybe still do?) where we offered the Change User option even though it does not actually change the user. I thought that in one of the newer versions we had removed the Change User option when SSO was in play.

1 Like
6

10.0.700.4

I have done it in the past, but it’s always been finicky

7

Figured out a workaround to fix this.

Thanks.

8

Post your solution/workaround please.

And FWIW - We user Windows Authentication (which is kind of like SSO), and to run the client as another user, Hold the SHIFT key down and right click the client icon. Then select “Run as Different User”

image

You’ll then have to provide the users Active Directory (i.e. Network login) name and password

image

4 Likes
9

Thanks to help from Epicor, we setup a Non-SSO AppServer (because SSO is dependant on the AppServer setup) so for this AppServer you will want to select “UsernameWindowsChannel” as the Net.Tcp Endpoint Binding:

image
image.png882×333 14.6 KB

Then we have a separate Non-SSO Epicor icon that we use to log into Epicor that prompts us for a username and password every time:

image

image
image.png376×533 13.2 KB

image

image

image
image.png975×605 44.2 KB

1 Like
10

You forgot to add /classic to the shortcut’s target. :wink:

Note to others… this isn’t really necessary.

1 Like
11

LOL! Ah! Kickin it “Old School” I see… :sunglasses:

I’m just a “Shell” kinda Gal…must be the Mermaid in me. :mermaid: :laughing:

Edit:
You’re so classic!

1 Like
12

Next version they should rename the switch to /OldSchool :wink:

2 Likes
13 
/stationarycheese
3 Likes
14

The issue was that I setup a menu item with the same ID as a menu item that already existed. Epicor kicked me out and any time I tried to log back in, it would give me an error message.

So I just ran a SQL script to change the Menu ID and was able to log back in.

1 Like
15

Just curious… Did that affect everyone, just users with rights to that menu, or just you?

If just you, another user (with the appropriate rights) could have logged in and undid it.

16

Just affected me.

Unfortunately nobody else has appropriate rights - or didn’t anyways. I upped the rights for my test user in case this happens again in the future and will use this as an example during audit time when they ask why certain users have Security Admin rights.

1 Like
17

I’d open a ticket with support, as it seems like you shouldn’t be able to lock your admin out due to it allowing you to accidentally duplicate a menu ID. (assuming you did it through E10, and not a backdoor via SQL)

1 Like
18

Yep, was through E10.

I was surprised that it didn’t do a validation for an existing Menu ID first before it let me save. I could’ve sworn it did that in the past.

Either way, I did open up a ticket and they were useless. That’s why I just ran the SQL script.

19

It does. Or at least in the version that I’m in…it warns me all the time if I accidentally use a Menu ID that already exists. Strange that it wouldn’t have warned you. We are on 10.1.600.