Wed, May, 8th 2024

SSO with Azure AD, FactoryTrack

Yes I know, not M3 exactly, but trust there are enough customers out there using M3 + FT. Question is about how to manage FactoryTrack credentials (logging into a handheld device) when using Azure AD/SSO to push users into Infor OS.

Process we've landed on is: User is added to an AD Group and pushed to Infor OS; each group is assigned default security roles based on whether the user will be in M3, FT, or both; if applicable, OS will push the user into the FT User program; from the FT User program, someone manually inputs a password, which is then also provided to the end user.

End result is the user can log in to Infor OS using SSO but has to use the provided password to log in to FactoryTrack on their handheld. This feels wrong but deemed necessary because access to the handheld has no login of its own, so there would be no user session to log in to FT with using SSO.

Are we missing something? Is there a way of using SSO in FT on a handheld device? Or a better way of dishing out access that doesn't involve engaging with Azure, M3, and FT just to set up one user?
Hello,

Our solution for this was to implement a launcher that runs on top of our mobile devices. The users sign into the launcher using their AD credentials, which generates an SSO token which is used to sign them into M3 or FactoryTrack (or any other apps you may add to your devices that authenticate through Azure). The vendor we worked with is BlueFletch, and the product is BlueFletch Enterprise.

Best,

Noted ... thanks for that!

You can use SSO! Not sure if you have to turn it on with Infor first, but we sign in directly with SSO.
If you need more info, I'll see if I can hunt it down.

https://ft7a.ft.inforcloudsuite.com/WSWebClient/MobileForm.aspx?ForceSSO=1&IOS=mingle-sso.inforcloudsuite.com&Mode=cloud&configgroup=TENANT_NAME&form=M3IconMenu.mobi&😜age=light&tenant=TENANT_NAME&useworkstation=1

@eshepp can't figure out where that link is trying to take me, but your emoji seems to be interfering with it 😃 What's the experience with SSO on the scan gun then? Similar to what Patrick said where the user is logging in with their AD credentials?

ha! didn't notice that it rendered into an emoji, apologies! replace it with a lower-case p.
We run ours in a web wrapper called Velocity so we can lock the users down, and customize and control keyboards. When they launch it, it takes them to the Microsoft SSO page. They log in, then FactoryTrack takes over. Works pretty well!

Got my hands on one of our handhelds and confirmed that yes, the SSO "flow" works just fine in the FT Android app--so this post is now less about the feasibility of SSO and more about a lingering detail.

The problem we're still stuck on is how the SSO experience will work for coworkers that do not have an email or company device, and only operate a handheld. In theory they would be provided an Azure AD password and user ID which will get them through the first part of the login experience. Next up is the MFA portion--we cannot enforce that these coworkers use something like Okta on their personal device to conduct MFA. They have no means of setting up a security question (and generally we don't allow that as an MFA option). And any solution with a dongle/pin code/etc. would be deemed not flexible/scalable for us.

So--assuming we want to use standard options and not engage a 3rd party (yet?) to build a workaround solution, and seeing as an Infor OS user cannot be managed by the AD and be assigned a password at the same time, we seem to be left with one option--these coworkers are not pushed into Infor OS from the AD and are instead created directly in OS and assigned a password (since they would not have an email to receive a welcome email to).

No real question in there, but maybe some folks have an opinion if that's what we're left with? If we want named users in FT?
