Extend your company's existing identity/authentication system into Epicor CPQ. Give your users fewer passwords to remember, and your infrastructure greater security.
Epicor CPQ accepts authentication requests through Microsoft Entra ID (formerly Azure Active Directory), which connects to many different identity providers and protocols, like SAML, OpenID, and others.
User Experience
After the SSO sign up is complete, users can authenticate using a new SSO Sign-in link on the login page.
Clicking the button starts the SSO process.
Clicking "Sign-in without Azure AD" link below the button shows the standard login page.
Prerequisites
In order to connect Epicor CPQ to Microsoft Entra ID, you need the following:
- An Entra ID (formerly known as Azure Active Directory) account. This account can be connected with your identity provider, and supports most of the common protocols including SAML and OpenID.
- A user who has Company Administrator access to both the Microsoft Entra Directory and the Epicor CPQ portal.
Setting up Epicor CPQ to Connect to Microsoft Entra ID (formerly Azure Active Directory)
To start, navigate to Settings > Integrations in the Epicor CPQ Admin Portal.
Check "Enable SSO." In the field that says Tenant ID, fill in the GUID Directory ID. It can be found by navigating to your Entra Active Directory portal, and going to the Properties screen.
In this example, the Entra Directory ID "ffffffffffff-ffff-ffff-ffff-ffffffffffff" is copy-pasted into the Tenant ID field in Epicor CPQ:
Alternately, you can use the "friendly" directory id (e.g. yourcompany.onmicrosoft.com). Be aware that if you change this friendly name at any time in your Entra ID Active Directory portal, it may require you to revisit this page to integrate again.
Click "Sign Up" and you will be directed to a page to enter your credentials for your Entra Active Directory. You will then need to grant permissions.
After the connection has been made, you should see options for the connection (such as SSO timeout), and a grid under the page which will allow you to map your Entra ID groups to Epicor CPQ roles. By doing so, users who log into the Epicor CPQ portal via SSO will be automatically given the CPQ roles that match their Entra ID groups.
If you do not see available directory groups to map, try logging out of Epicor CPQ, and then use the SSO Signin Link on the login page to sign in again.
Additional Considerations
If your users or automated processes must re-enter their username/password too often, solutions include:
- each user can set "Remember Me" to true when entering their username/password. This extends their session timeout.
- an administrator can increase the "User Session Lifetime" to a higher number.
Remember to use settings which align with your company's security standards.