Login and Authentication

Exploring

Welcome to SYSPRO.

In order to successfully launch the product, you need to authenticate your access.

Authentication Methods

If no other authentication method has been configured for your company, then access to the product requires valid entries of the following:

  • User name

  • Company ID

  • Associated passwords (If passwords have been configured against the user name and/or company ID)

If Multi-Factor Authentication is configured for your company, then access to the product requires valid entries of the following:

  • User name

  • Company ID

  • Associated passwords (If passwords have been configured against the user name and/or company ID)

  • Additional authentication method defined (i.e. email or Google authentication)

Multi-Factor Authentication is a process that identifies a user by validating two or more authentication methods from independent credential categories. This ensures that a user is only granted access after successfully presenting two or more pieces of evidence to the authentication mechanism.

In SYSPRO, the traditional user name and password has been bolstered by the addition of Email and Google authentication to improve security during the login process.

  • Email authentication sends an email to MFA-defined operators containing a Time-based One-time Password (TOTP) required as part of login verification.
  • Google authentication uses an app to generate a QR code for first time user configuration and a Time-based One-time Password (TOTP) is required as part of the verification process for subsequent logins.

If SSO using Active Directory is in use for your company, then access to the product requires the following:

  • Microsoft Windows authentication

SSO using Active Directory in SYSPRO provides a simple to setup and robust method of using Microsoft Active Directory (AD) to control SYSPRO users.

Once configured, it enables a complete single sign-on experience as SYSPRO users are authenticated by Microsoft Windows and then simply use a shortcut to run SYSPRO without being prompted for a user name and password at the login screen.

It means that a SYSPRO site can use Microsoft Active Directory (AD) to add, change, disable and delete operators virtually seamlessly. Any changes to user attributes automatically reflect against the SYSPRO operator without manual intervention.

If SSO Identity Provider Integration is in use for your company, then access to the product requires the following:

  • Identity Provider authentication using one of the following providers:

    • Google

    • Microsoft

    • LinkedIn

  • Company ID

  • Company password (If required)

Enhancing user convenience while fortifying system security, the SSO Identity Provider Integration feature empowers users to access SYSPRO using trusted identity providers, creating a unified and secure authentication flow.

Once authenticated, SYSPRO users are automatically logged in, without them having to enter the traditional SYSPRO username and password.

Overview topic

SYSPRO Authentication

Topics

SSO Identity Provider Integration

SSO using Active Directory

Multi-Factor Authentication

SYSPRO Installer

Setup programs

License Manager

Password Definition

Setup Options

Company Maintenance

Operator Maintenance

Query programs

View Users

Display Users Logged in

Starting

The following configuration options in SYSPRO may affect processing within this program or feature, including whether certain fields and options are accessible.

The Setup Options program lets you configure how SYSPRO behaves across all modules. These settings can affect processing within this program.

Setup Options > System Setup > Login

  • User name options
  • Company options

  • Single sign-on identity providers

  • Single sign-on

  • Multi-factor authentication

  • Multi-factor authentication methods

Solving

This message is displayed if you enter an operator that is configured as a Service Account in the Operator Maintenance program, but which is not yet configured correctly with the SYSPRO Cloud ERP Active Directory.

Contact your SYSPRO Cloud Administrator within the SYSPRO Cloud team to establish the status of the Service Account.

This message is displayed if you select the Change password button in the SYSPRO Web UI (Avanti) to update the password against the operator and the company configured against the _ESP operator is invalid.

Access the Operator Maintenance program, then search for and select the _ESP operator.

At the Defaults pane select the Details tab and enter the default company at the Company field.

All service operators, i.e. operator codes that start with an underscore such as _ESP, must have a valid default company code assigned as we need a company code to log in via e.net.

This depends on the version of SYSPRO 8 that you are running:

  • SYSPRO 8 2021 R1 onwards:

    When the underlying SYSPRO Server Run Time System (RTS) detects an unexpected problem, the RTS diagnostic files are written to the \Work\Diagnostics folder using a new naming convention that includes the date and time, and the current contents of the black box are appended to the existing log, providing a trace of the events leading up to the RTS error.

  • SYSPRO 8 2020 R2 and prior:

    When the underlying SYSPRO Server Run Time System (RTS) detects an unexpected problem, SYSPRO records a message in the _SYSPRO64_DLL_Exceptions.txt diagnostic log within the \Base\Settings folder.

SSO using Active Directory:

  • This method is ideal for sites using the SYSPRO Desktop user interface, as each user has to login to their Windows client environment. This option allows a site to leverage the user authenticated by Windows to login to SYSPRO.

  • This option is not suitable for users using the SYSPRO Web UI (Avanti) as users can connect via any device (such as a phone or tablet) where Windows authentication is not appropriate.

SSO Identity Provider Integration:

  • Each Identity provider allows various additional validation over the traditional user name and password, including the use of authenticator applications, and other forms of Multi-Factor Authentication. These providers are often already in use across the organization, so users are already comfortable using these common dialogs.

  • The SSO Identity Provider Integration works across the SYSPRO Desktop and SYSPRO Web UI (Avanti) user interfaces, providing a consistent experience across SYSPRO interfaces and the rest of the organization.

View the following topic for more information regarding the various authentication methods available in SYSPRO 8:

SYSPRO Authentication

Service operators are created by SYSPRO and are used by SYSPRO services to obtain information about SYSPRO.

The service operator code starts with a double underscore to differentiate them from other operators. A default company code must be assigned to each service operator within the Operator Maintenance program, as we use the company code to log in the service operator via e.net .

The following is a list of service operators and their function within SYSPRO:

  • The __ADSYNC service operator is used by the SYSPRO 8 Active Directory Sync Service to push Microsoft Active Directory (AD) information into SYSPRO for Active Directory managed operators.

  • The __DFM service operator is used by the SYSPRO 8 Document Flow Manager Folder Poller and SYSPRO 8 Document Flow Manager Queue Poller to monitor folders, send files to the queue and process files.

  • The __ESP service operator is used by the following services:

    • SYSPRO 8 Espresso Service,

    • SYSPRO 8 Espresso Notification Service,

    • SYSPRO Espresso Development Plugin and the

    • SYSPRO Avanti Web Service to obtain information for the password reset and forgot password functionality.

  • The __POS service operator is used by the SYSPRO 8 Point of Sale Services to determine and validate the setup options and required credentials at start up, update the required databases and post to SYSPRO (if the Point of Sale operator doesn't have access to SYSPRO).

  • The __RUL service operator is used by the SYSPRO 8 Rules Engine Service and the SYSPRO 8 Rules Data Service.

  • The __SA service operator is used by the SYSPRO 8 Analytics service to make business object calls.

  • The __SAI service operator is used by the SYSPRO 8 Machine Learning service.

  • The __SRS service operator is used by the SYSPRO 8 Reporting Host Service and the SYSPRO 8 Cognitive Service to manage client-side report printing.

  • Only specific services use service operators to log in via e.net.

  • SYSPRO creates service operators by copying the ADMIN operator. If the ADMIN operator record doesn't exist (i.e. it may have been deleted), then the current operator is used when saving system details from the Setup Options program.

Using

  • The SYSPRO icon is created as part of the installation procedure can be configured to automate the login procedure, if required.

Referencing

Field Description
User name

Enter a valid user name.

You can't access this field if your system is configured to establish the user name from either the network or a login environment variable, without the option to override the operator entry.

Under Windows, you set the login variable in the autoexec file. If you are using Novell, you set this variable in the autoexec file or the login script. Under Unix, you set this variable in the impvar file.
Password

Specify a valid password, if one has been assigned to the user name entered.
Company

Enter or browse for a valid company to which you have access.

The browse icon is only available after you Tab off the User name or Password field.

To access the License Manager, select the browse icon, followed by the License Manager option.
Password

Specify the password that has been assigned to the company (if one has been configured).
Login

Select this to login to SYSPRO.

  • The SYSPRO login and authentication process saves the date and time each time an operator successfully logs into SYSPRO. This information is also updated when an operator logs in via an e.net business object.

    You can view the last login date and time in the Operator Browse listview.

  • If the system detects that you are already logged in, then it automatically removes all entries from the user file relating to the user name. A warning message is displayed indicating that any operator using the user code has been logged out.

    This message can be suppressed by appending the /F or /f parameter to the command line statement that launches SYSPRO.

    In a Client/Server environment, the program generates a file called: ADMCSS.TXT containing details of the process id's and Client id's enabling you to log out users on Windows NT.

  • You cannot login to the system in a client/sever environment when the system detects that the client and server are pointing to the same \Base folder.

    SYSPRO can give unpredictable results if SYSPRO is installed on the client in exactly the same location as the application server.

    An error message is displayed indicating that SYSPRO must be installed to a different location on the client and SYSPRO then exits gracefully.

  • When logging into a company has been prevented, the SYSPRO Client is ended when the login prevented message: Operators have been disallowed from logging into SYSPRO is displayed.

    The system does not return the operator to the login screen.
Forgot password?

Select this if you have forgotten your password.

When selecting OK, the following happens:

  • A temporary password is generated for your account and the previous password is invalidated.
  • The new password is sent to the email address defined against your operator.
  • Before a new password is generated you are asked to confirm your operator email address.
View Users

Select this to identify who is accessing the system using the Display Users Logged in program and to establish what programs are currently running.
Exit SYSPRO

Select this to exit from SYSPRO.