2

Related to the outlook add-in for Acumatica... When our users try to authenticate with their azure login, we see the following error.

https://www.dropbox.com/s/le7t3ez5ua69qls/Screenshot%202020-04-23%2019.18.52.png?dl=0

NOTE:

  • we have 2 factor authentication on for our users through office 365, but i don't think that is the issue as i disabled and also tried using a app password which would bypass the 2 factor

  • we have customized the outlook plugin and it works just fine when use a regular login (direct username and pwd into acumatica as opposed to using single sign on)

Cory
  • 305
  • 1
  • 8
  • Are you using Seamless SSO for your users? Also, what version are you using? We had some issues with accounts in the 2020R1 initial release that were fixed in the latest release. – KRichardson May 08 '20 at 17:52
  • @KRichardson I'm not sure if "Seamless SSO" is different than the SSO (Azure login icon), but i think yes, we are using the SSO for most of our users. We are on 2019 r1. I'm being told by our support partner that Acumatica said this is a limitation with outlook (https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins). Are you saying you are able to have a user login using the SSO Azure from within the outlook add-in? – Cory May 08 '20 at 21:07

1 Answers1

0

We are running Acumatica 2020 R1, and have this working. I am not sure if it will work in 2019R1, but you can give it a try.

Our environment is synced with Local AD through Azure AD Connect. We have seamless SSO enabled with Passthrough Authentication, and the group policy trust enabled for the workstations. This allows the users to sign into office 365 from their domain controlled computers.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

When we enable automatic signon through AzureAD in the web.config, it works like a charm. We had issues in previous versions of Acumatica with our ADFS deployment. To enable automatic SSO in Acumatica you can modify your web.config:

<externalAuth authUrl="Frames/AuthDock.ashx" silentLogin="Federation" externalLogout="True" selfAssociate="True" instanceKey="" claimsAuth="False">

I would give this a try on off hours to see if it works with Outlook, and maybe change your production instance to sign in this way. You can always get to the login page by visiting https://acumaticainstance/Frames/Login.aspx?SilentLogin=None

Maybe setting auto signin will fix outlook and be easier for those users, and be more beneficial than the non-azure users?

KRichardson
  • 990
  • 7
  • 12
  • This doesn't work with the Outlook add-in, unfortunately. It still shows you the Acumatica login page, without the ability to use SSO to authenticate. – Gabriel Jun 01 '21 at 18:18