Home
Login
Sign Up
Profile Options
Tools
Edit Profile
Manage all aspects of your profile here including demographics, emails, notification settings, etc...
Change Password
Begin the password change process
Email Subscriptions
Manage your opt-in/opt-out email subscriptions
View Profile
View your profile - what other's see
Sign-out
Sign out of this community
1-800-819-1190
Contact support line
Smart Connect
Connect with others and manage various member options
View QR Code
View your profile QR Code - Connect and or share your contact information
Tour Page
Take an interactive tour of this page
Knowledge Base
Visit the knowledge base for more info
Insights
Member reporting and analysis
Terms of Use
Cookies
Privacy Policy
Contact Us
Help
 
 

Site Menu

Forum | Message
SSO with Azure AD, FactoryTrack
Jeremy Bull *MUGA
BC:

Question:

Article:

SSO with Azure AD, FactoryTrack

Yes I know, not M3 exactly, but trust there are enough customers out there using M3 + FT. Question is about how to manage FactoryTrack credentials (logging into a handheld device) when using Azure AD/SSO to push users into Infor OS.

Process we've landed on is: User is added to an AD Group and pushed to Infor OS; each group is assigned default security roles based on whether the user will be in M3, FT, or both; if applicable, OS will push the user into the FT User program; from  Read more...the FT User program, someone manually inputs a password, which is then also provided to the end user.

End result is the user can login to Infor OS using SSO but has to use the provided password to login to FactoryTrack on their handheld. This feels wrong but deemed necessary because access to the handheld has no login of its own, so there would be no user session to login to FT with using SSO.

Are we missing something? Is there a way of using SSO in FT on a handheld device? Or a better way of dishing out access that doesn't involve engaging with Azure, M3, and FT just to setup one user? Show less...
Delivered Read
Uncategorized
Group: *MUGA
1
7
222
Latest msg: Got my hands on one of our handhelds and confirmed that yes, the SSO "flow" works just fine in the FT Android app--so this post is now less ... from Jeremy Bull, on 05/08/2024

Comments (7) (Descending Chronological Order)
There are no comments at this time, be the first to comment

Jeremy Bull
BC:
Got my hands on one of our handhelds and confirmed that yes, the SSO "flow" works just fine in the FT Android app--so this post is now less about the feasibility of SSO and more about a lingering detail.

The problem we're still stuck on is how the SSO experience will work for coworkers that do not have an email or company device, and only operate a handheld. In theory they would be provided an Azure AD password and user ID which will get them through the first part of  Read more...the login experience. Next up is the MFA portion--we cannot enforce that these coworkers use something like Okta on their personal device to conduct MFA. They have no means of setting up a security question (and generally we don't allow that as an MFA option). And any solution with a dongle/pin code/etc. would be deemed not flexible/scalable for us.

So--assuming we want to use standard options and not engage a 3rd party (yet?) to build a workaround solution, and seeing as an Infor OS user cannot be managed by the AD and be assigned a password at the same time, we seem to be left with one option--these coworkers are not pushed into Infor OS from the AD and are instead created directly in OS and assigned a password (since they would not have an email to receive a welcome email to).

No real question in there, but maybe some folks have an opinion of that's what we're left with? If we want named users in FT? Show less...
Russell Jones
BC:
@jeremybull Single-sign on is definitely possible [and recommended] Hoping link below is helpful:

https://docs.infor.com/factorytrack/7.00.x/en-us/ftm3olh/default.html?helpcontent=m3factorytrack/ruz1548243749323.html&hl=sso
Elise Sheppard
BC:
ha! didn't notice that it rendered into an emoji, apologies! replace it with a lower-case p.
We run ours in a web wrapper called Velocity so we can lock the users down, and customize and control keyboards. When they launch it, it takes them to the Microsoft SSO page. They log in, then FactoryTrack takes over. Works pretty well!
Jeremy Bull
BC:
@eshepp can't figure out where that link is trying to take me, but your emoji seems to be interfering with it 😃 What's the experience with SSO on the scan gun then? Similar to what Patrick said where the user is logging in with their AD credentials?
Elise Sheppard
BC:
You can use SSO! Not sure if you have to turn it on with Infor first, but we sign in directly with SSO.
If you need more info, I'll see if I can hunt it down.

 Read more... https://ft7a.ft.inforcloudsuite.com/WSWebClient/MobileForm.aspx?ForceSSO=1&IOS=mingle-sso.inforcloudsuite.com&Mode=cloud&configgroup=TENANT_NAME&form=M3IconMenu.mobi&😜age=light&tenant=TENANT_NAME&useworkstation=1 Show less...
Jeremy Bull
BC:
Noted ... thanks for that!
Patrick Suminski
BC:
Hello,

Our solution for this was to implement a launcher that runs on top of our mobile devices. The users sign into the launcher using their AD credentials, which generates an SSO token which is used to sign them into M3 or FactoryTrack (or any other apps you may add to your devices that authenticate through Azure). The vendor we worked with is BlueFletch, and the product is BlueFletch Enterprise.

Best,
2

Online