On the Third Day of ECHO, my sys admin gave to me, swift yet safe: Auto-Login in Epicor 10.1 and beyond.
Interacting with technology can become a perpetual struggle between ease-of-use and security-of-use. The two seem at odds, such that increases in security reduce the ease-of-use, and vice versa. I once worked for a company that increased security after a user opened an infected email attachment and blew up her computer. Thereafter, all email attachments were cloud-scanned before anyone could open them. Safe—but now it took an extra five minutes to view an attachment. We used to joke to ourselves that our network admin was going over the files byte-by-byte with a pair of tweezers in one hand and a scalpel in the other.
That is to say, Epicor users generally like things quick and dirty, while admins like things safe and clean. Early versions of Epicor adhered to the quick and dirty principle: In early versions of Epicor, automatically logging into Epicor, in the absence of a single sign-on setup, was relatively easy—it was as simple as plugging the user ID and password into the .sysconfig file:
<!– provide values for UserID and Password to enable auto-login –>
<UserID value=”manager” />
<Password value=”manager” />
This capability was especially helpful for those interacting with the system via Epicor’s Manufacturing Execution System (MES) or Handheld (HH) clients. But storing plain-text passwords in a configuration file has long been anathema to system administrators. As such, starting in version Epicor 10.1, a number of changes were made to improve Epicor’s security architecture. As part of this effort, the ability to store passwords as plain-text in .sysconfig files was removed. It was replaced with a more elegant means of achieving the same ends through the application itself. The setup requires steps from both the Epicor administrator and the end user.
To allow users to auto-login, perform the following steps, while logged in as a security manager:
- Open the “Password Policy” form (located under System Setup > Security Maintenance).
- Select the “Allow save password” checkbox and save.
Epicor End User:
For those who intend to utilize auto-login capability, users must save their credentials in the following manner:
- Log into the workstation as you normally would, using your Epicor username and password.
- From the Epicor Homepage, click the “Settings” tile:
- Select the “Preferences” option:
- This will open the Preferences window. Select the “Automatic sign on” checkbox and click the “OK” button to commit the changes:
The next time the user logs in, the auto-login functionality will be invoked.
Note: The above user steps can only be done after the Epicor admin has performed the necessary prerequisite steps, else the user will receive the error below:
As part of our ECHO Epicor managed hosting solution, we’ve helped a number of customers migrate from Epicor’s older config file-based methodology to its current auto-login configuration. The above configuration is a one-time “set it and forget it” activity, which allows the user to utilize the auto-login functionality without issue. In this way, Epicor has devised a solution that improves security without impeding ease-of-use—it is swift, yet safe.
If you liked reading the “Third Day of ECHO” return to our main list to read all of the other “12 Days of ECHO” posts.