Just a heads-up about a potential issue when using MS Active Directory in Acumatica 19.211.0011.
The way the integration works can be summarised as follows:
- You map AD groups to Acumatica roles (in Acumatica);
- When a domain user connects to Acumatica for the first time , a new user is automatically added to Acumatica with the same name of the domain user;
- Acumatica then assigns roles to this new user according to the mapping.
However, there is a bug in the API code and a user is created in Acumatica even though the domain user is not in any Active Directory group mapped to Acumatica roles. This new user profile is created automatically in Acumatica for this non-authorised domain user which gets permissions as guests. By default, Acumatica has a couple of screens opened to guests.
The only thing we can do for the moment is to ensure that no screen is available for those authorised users (guests).
Also, it drives us to another problem as client may have let’s say about 300 or 500 employees in the same domain. So, we have a potential situation where we could end up with 300+ user profiles in Acumatica where only 30 or 50 are the actual authorised users. This would be a nightmare for an Acumatica administrator.
This has been reported to developers but no fix so far. I will keep you posted if I get it fixed.