This lets you indicate whether your entry at the User name login prompt refers to the operator code, or whether the system must use the network user name to establish the operator code.

Indicate the default entry you want to use at the User name field of the Login window.

This lets you indicate whether access to the User name field is allowed.

This lets you indicate whether you want the system to remember previous successful user names entered.

This lets you indicate the default entry you want to use at the Company field of the Login window.

This lets you indicate whether you want the system to remember previous successful login attempts.

This lets you indicate whether access to the Company field is allowed.

Enable this option if you require SYSPRO operators to be managed by Microsoft Active Directory (AD) once assigned within the Active Directory User Management program (i.e. access to SYSPRO will be controlled by Microsoft Active Directory (AD) for the defined operators).

Define the endpoint for the SYSPRO 8 Active Directory Sync Service used when installing the service (e.g. net.tcp://MachineName:30245/SYSPRO.AD.Sync.Service).

Select the Test AD connection hyperlink to confirm that your settings are configured correctly.

Enable this option to receive an email whenever operators managed by Microsoft Active Directory (AD) require configuration or management in the Active Directory User Management program.

The following variables are passed to the email template when the Microsoft Active Directory (AD) synchronization takes place:

• $SsoUserCount$: Count of users added for review.

• $SsoOpChanged$: Count of operators with changes (email, name, etc.).

• $SsoOpActivated$: Count of operators whose status has changed to active from disabled or removed.

• $SsoOpDisabled$: Count of operators whose status has changed to disabled.

• $SsoOpRemoved$: Count of operators whose status has changed to removed.

Select the Configure review email template hyperlink to define the review email template and indicate who must be notified when new users (belonging to the SYSPRO.ERP security group) are added to Microsoft Active Directory (AD)

Enable this to receive an email if the SYSPRO 8 Active Directory Sync Service fails.

The following variables are passed to the email template when the Microsoft Active Directory (AD) synchronization takes place:

• $FailedMsg$: If the synchronization fails then this contains the message as it is written to the log file.

Select the Configure failure email template hyperlink to define the failure email template and indicate who must be notified if synchronization fails.

Enable this to receive an email every time the SYSPRO 8 Active Directory Sync Service runs successfully.

Select the Configure success email template hyperlink to define the success email template and assign which email address must be used.

Enable this option if Multi-Factor Authentication is required when an operator logs into SYSPRO.

This option is disabled by default.

Indicate the operators that require Multi-Factor Authentication:

All operators except 'ADMIN'

Select this to ensure that all operators require Multi-Factor Authentication when logging into SYSPRO (except for SYSPRO operators that have the operator code ADMIN - who should already have a strong password).

Be careful when selecting this option if you don't have an ADMIN operator.

All operators except administrators

Select this to ensure that all operators require Multi-Factor Authentication when logging into SYSPRO (except for SYSPRO administrators - who should already have a strong password).

This option is useful if your systems are down and operators can't access the defined authentication method in order to login to SYSPRO.

An administrator can then still access SYSPRO (without requiring validation by the authentication methods that have been configured) to suspend Multi-Factor Authentication and allow operators to login.

Specific operators

Select this to ensure that Multi-Factor Authentication only applies to specific operators.

Select the Define specific operators hyperlink to define the operators to which this applies.

This method sends an email to the defined MFA operators containing a Time-based One-time Password (TOTP) that is required as part of the verification process.

Indicate whether an operator can enter their own email address when first configuring the email authentication for logging into SYSPRO.

If this option is disabled, the email address defined against the operator code is used and can't be changed.

If the Operator can set own email address option is enabled, use this field to define the pattern to which the manually entered email address should conform.

Use the ; character to separate multiple entries, without spaces.

Indicate whether an operator is allowed to see the email address when logging into SYSPRO.

Select the Configure PIN email template hyperlink to define the email template that operators receive.

Select this to make use of the Google Authentication app (or FreeOTP) for authentication.

A QR code is generated when operators first configure their Google authentication for logging into SYSPRO and a Time-based One-time Password (TOTP) then becomes required as part of the verification process for the defined MFA operators.

A Time-based One-time Password (TOTP) is then required for all subsequent logins to SYSPRO.