11 Jun Single Sign On (SSO) for Sage 300
In a recent Aptus internal training session the topic of password management and security was raised. While this is a large and opinionated topic there was a general agreement of do not reuse passwords and make you passwords complex (which is another topic in itself!). Whether you manage your passwords using a piece of paper, memorising a pattern on the keyboard, or using a software password manager, not having to create and store another password is always a win.
Enter Single Sign On
Sage 300 and X3 use a user ID and password for authentication. By default, this is created and held within the product. However, both support alternative methods of authentication. For this post I will be talking about windows authentication for Sage 300, but the concepts are similar across implementations.
The concept is that they allow you to sign into the application using valid credentials from another system. This is generally known as Single Sign On (SSO). The benefits of using SSO is that a user can sign on once and use those credentials across multiple applications without further login prompts. Any password changes will only need to occur on the primary authentication system and not on each individual application.
A value-add that Aptus Business have provided to our customers is enabling the SSO features of these systems. By working closely with the customer’s IT and operations team and understanding their needs and security requirements, we have ensured that the organisation does not have to compromise security for user experience.
Enabling Windows Authentication for Sage 300
The following is a quick how-to enable Windows Authentication for Sage 300. This setup is normally performed by a Sage 300 administrator user. The process involves setting the user authentication method from Sage to Windows, specifying a Domain and User Name. See the Administrator Guide for full details.
In the example we have assigned the APTUS Sage 300 user ID to use the ADMINISTRATOR Windows user account.
If the user signs on to Windows using that account, then signs on to Sage 300 with the same domain and ID, they will not need to provide a password.
This allows entry into the application using a password that is managed by a central authority. This central authority can control the complexity and password policy. In the event that a user’s Windows password changes there is one less application to update a password in.
See our other posts for other underutilised features.