Sage 100

Background:
I have a customer who presently uses Unified Logon.
They are high security - using unified logon which helps to ensure that users are meeting the password requirements outside of Sage ( much more robust than Sage's password rules ). Plus it's one place to change passwords.
They are adopting Beanworks/Sage AP Automation which does NOT support unified logon and requires the use of a Sage account to synchronize data

Question:
Is there any way to turn off unified logon, AND still require that passwords are changed every xx days and to exempt just that one synchronization account from password change rules.

The business problem is that:
- The company is high security - so password change requirements are not going away
- By moving from Unified to "regular" Sage logons they lose an easy way to keep that Sage account running the sync tool updated with password changes.
- It wouldn't be ideal but would be slightly more manageable if that Sage account running the sync was exempted from password change and the regular Sage users still had to change passwords.

I'm pretty sure they answer to this is no. Just trying to do some advance prep before I get the order from the customer to have Sage on the call to give the definitive answer.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

I found there was an existing request for this on the Sage suggestion site - https://www5.v1ideas.com/TheSageGroupplc/Sage100ERP/Idea/Detail/27988

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

Try a hack?  DFDM the PasswordDate in SY_User to something in the future... I'm guessing this is what Sage uses to enforce the password expiry timing.


------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------

Good idea. I think this date might be the last time the password was changed. I don't know if changing it to a future date would cause any issues.
I tested this on a customer site and when it forced me to password change the date in that field was today's date ( Julian 7 char )

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

Original Message:
Sent: 10-30-2020 14:50
From: Kevin Moyes
Subject: Possible to have password never expire?

Try a hack?  DFDM the PasswordDate in SY_User to something in the future... I'm guessing this is what Sage uses to enforce the password expiry timing.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------

Wayne I'm pretty sure Beanworks uses BOI (verify that!) and that's why it can't support Unified Logon. But I'm also pretty sure you can keep Unified Logon while also keeping a specific Sage user / pswd for Beanworks sync. IOW, Unified Logon controls user access to Sage through the Launcher only. Via BOI and ODBC, it is ignored.

Side Note: BOI and ODBC access is still controlled by checking User Account Locked or setting Expires date in User Maintenance. Also ODBC Security in Role Maint.

If I understood correctly what you're after, then with this "trick" you can presumably:
a. Keep Unified Logon for the enhanced security
b. Establish a Sage user/pswd for Beanworks only while exempting it from Sage pswd rules

Via a quick test, I mimicked these steps and successfully ran my own BOI app with Unified Logon ON:
1. Temporarily turn OFF Unified Logon in System Configuration. This did not wipe out any Sage passwords for me.
2. If not already done, go to User Maintenance and add a Beanworks user/pswd.
3. Test Beanworks sync to make sure it works with the user/pswd you just added.
4. Turn ON Unified Logon in System Config. In User Maint the password field is NOT available anymore as expected. Also the stored pswd for Beanworks user is NOT wiped out for the purpose of retaining ODBC and BOI access, neither of which support Unified Logon.
5. Test Beanworks again and verify it still works. 
6. Test Unified Logon still works by having a user start Sage normally and verifying they automatically get logged in and see the Launcher.

------------------------------
Alnoor Cassim

Email: alnoor@asifocus.com
Ph: 949-689-9887
Orange County, CA
------------------------------

Original Message:
Sent: 10-30-2020 15:32
From: Wayne Schulz
Subject: Possible to have password never expire?

Good idea. I think this date might be the last time the password was changed. I don't know if changing it to a future date would cause any issues.
I tested this on a customer site and when it forced me to password change the date in that field was today's date ( Julian 7 char )

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------


Original Message:
Sent: 10-30-2020 14:50
From: Kevin Moyes
Subject: Possible to have password never expire?

Try a hack?  DFDM the PasswordDate in SY_User to something in the future... I'm guessing this is what Sage uses to enforce the password expiry timing.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON

This makes sense. I’ve for sure had users with unified logon have to create a login/password for ODBC/Crystal access. I never realized that BOI would be similar.

There are probably not a large number of Sage 100 users that this impacts so perhaps Beanworks just tells everyone to turn off unified login to make setup easier.

I will update this post once the customer tests and provides feedback.

Thanks!

---------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
---------------------------------



Original Message:
Sent: 11-02-2020
From: Alnoor Cassim
Subject: RE: Possible to have password never expire?

Wayne I'm pretty sure Beanworks uses BOI (verify that!) and that's why it can't support Unified Logon. But I'm also pretty sure you can keep Unified Logon while also keeping a specific Sage user / pswd for Beanworks sync. IOW, Unified Logon controls user access to Sage through the Launcher only. Via BOI and ODBC, it is ignored.

Side Note: BOI and ODBC access is still controlled by checking User Account Locked or setting Expires date in User Maintenance. Also ODBC Security in Role Maint.

If I understood correctly what you're after, then with this "trick" you can presumably:
a. Keep Unified Logon for the enhanced security
b. Establish a Sage user/pswd for Beanworks only while exempting it from Sage pswd rules

Via a quick test, I mimicked these steps and successfully ran my own BOI app with Unified Logon ON:
1. Temporarily turn OFF Unified Logon in System Configuration. This did not wipe out any Sage passwords for me.
2. If not already done, go to User Maintenance and add a Beanworks user/pswd.
3. Test Beanworks sync to make sure it works with the user/pswd you just added.
4. Turn ON Unified Logon in System Config. In User Maint the password field is NOT available anymore as expected. Also the stored pswd for Beanworks user is NOT wiped out for the purpose of retaining ODBC and BOI access, neither of which support Unified Logon.
5. Test Beanworks again and verify it still works. 
6. Test Unified Logon still works by having a user start Sage normally and verifying they automatically get logged in and see the Launcher.

------------------------------
Alnoor Cassim

Email: alnoor@asifocus.com
Ph: 949-689-9887
Orange County, CA
------------------------------


Original Message:
Sent: 10-30-2020 15:32
From: Wayne Schulz
Subject: Possible to have password never expire?

Good idea. I think this date might be the last time the password was changed. I don't know if changing it to a future date would cause any issues.
I tested this on a customer site and when it forced me to password change the date in that field was today's date ( Julian 7 char )

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

Update: The customer has been self-implementing this and came back to me to say that it appears Beanworks requires unified login to be disabled. We did try to create an account and it worked for initial testing but we think that's only because unified was turned off during the time that Beanworks was doing the setup.

I haven't been engaged on this project and am providing only forest fighter break/fix support on this particular issue. I wanted to update this post in case anyone runs into this with Beanworks.

Realize that larger organizations do have very valid requirements for using unified login so just telling an existing user to disable unified is not the best solution.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

Tell Sage this limitation will prevent sales to customers who need Unified, and that may catch someone's attention.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------

Original Message:
Sent: 11-19-2020 09:23
From: Wayne Schulz
Subject: Possible to have password never expire?

Update: The customer has been self-implementing this and came back to me to say that it appears Beanworks requires unified login to be disabled. We did try to create an account and it worked for initial testing but we think that's only because unified was turned off during the time that Beanworks was doing the setup.

I haven't been engaged on this project and am providing only forest fighter break/fix support on this particular issue. I wanted to update this post in case anyone runs into this with Beanworks.

Realize that larger organizations do have very valid requirements for using unified login so just telling an existing user to disable unified is not the best solution.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

I think in this case the customer would still complain about the lack of password policy options. Sage 100 isn't ideal for a company with a stringent IT department since the core product was written for a much simpler time when security was not as much of an issue.  I believe Sage could have kept up their technology but the steady rotating cast of product managers and global strategies has unfortunately distracted everyone in charge who could have done something.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

Original Message:
Sent: 11-19-2020 09:51
From: Kevin Moyes
Subject: Possible to have password never expire?

Tell Sage this limitation will prevent sales to customers who need Unified, and that may catch someone's attention.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------


Original Message:
Sent: 11-19-2020 09:23
From: Wayne Schulz
Subject: Possible to have password never expire?

Update: The customer has been self-implementing this and came back to me to say that it appears Beanworks requires unified login to be disabled. We did try to create an account and it worked for initial testing but we think that's only because unified was turned off during the time that Beanworks was doing the setup.

I haven't been engaged on this project and am providing only forest fighter break/fix support on this particular issue. I wanted to update this post in case anyone runs into this with Beanworks.

Realize that larger organizations do have very valid requirements for using unified login so just telling an existing user to disable unified is not the best solution.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990

IMO Sage is not a company that creates software.  They purchase and sell software, while making minimal efforts towards maintenance.  The corporate culture is not friendly to innovation and true visionary software development.  Sure, they have some very talented technical people, but Sage will never compete with the Silicon Valley types when it comes to modern software.

Since Sage is all about Sales, saying something is a barrier to selling is about the only thing they consistently pay attention to.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------

Original Message:
Sent: 11-19-2020 10:21
From: Wayne Schulz
Subject: Possible to have password never expire?

I think in this case the customer would still complain about the lack of password policy options. Sage 100 isn't ideal for a company with a stringent IT department since the core product was written for a much simpler time when security was not as much of an issue.  I believe Sage could have kept up their technology but the steady rotating cast of product managers and global strategies has unfortunately distracted everyone in charge who could have done something.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------


Original Message:
Sent: 11-19-2020 09:51
From: Kevin Moyes
Subject: Possible to have password never expire?

Tell Sage this limitation will prevent sales to customers who need Unified, and that may catch someone's attention.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON


Original Message:
Sent: 11-19-2020 09:23
From: Wayne Schulz
Subject: Possible to have password never expire?

Update: The customer has been self-implementing this and came back to me to say that it appears Beanworks requires unified login to be disabled. We did try to create an account and it worked for initial testing but we think that's only because unified was turned off during the time that Beanworks was doing the setup.

I haven't been engaged on this project and am providing only forest fighter break/fix support on this particular issue. I wanted to update this post in case anyone runs into this with Beanworks.

Realize that larger organizations do have very valid requirements for using unified login so just telling an existing user to disable unified is not the best solution.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990

As long as the user account you create for integrations never logs into the Sage 100 launcher it should never be prompted to change the password. I've done this at clients with strict password security where we have integrations.

------------------------------
Bill Pfahnl
Nims & Associates
------------------------------