Potential Security issue when using SSO with MS Active Directory

  • 22 October 2020
  • 0 replies
  • 131 views

Userlevel 4
Badge

Hello,

Just a heads-up about a potential issue when using MS Active Directory in Acumatica 19.211.0011.

The way the integration works can be summarised as follows: 

  1. You map AD groups to Acumatica roles (in Acumatica);
  2. When a domain user connects to Acumatica for the first time , a new user is automatically added to Acumatica with the same name of the domain user;
  3. Acumatica then assigns roles to this new user according to the mapping.

However, there is a bug in the API code and a user is created in Acumatica even though the domain user is not in any Active Directory group mapped to Acumatica roles. This new user profile is created automatically in Acumatica for this non-authorised domain user which gets permissions as guests. By default, Acumatica has a couple of screens opened to guests. 

The only thing we can do  for the moment is to ensure that no screen is available for those authorised users (guests). 

Also, it drives us to another problem as client may have let’s say about 300 or 500 employees in the same domain. So, we have a potential situation where we could end up with 300+ user profiles in Acumatica where only 30 or 50 are the actual authorised users. This would be a nightmare for an Acumatica administrator. 

This has been reported to developers but no fix so far. I will keep you posted if I get it fixed. 

 


0 replies

Be the first to reply!

Reply


About Acumatica ERP system
Acumatica Cloud ERP provides the best business management solution for transforming your company to thrive in the new digital economy. Built on a future-proof platform with open architecture for rapid integrations, scalability, and ease of use, Acumatica delivers unparalleled value to small and midmarket organizations. Connected Business. Delivered.
© 2008 — 2022  Acumatica, Inc. All rights reserved