SSO (Azure Entra) - some native (green button) users unable to log in.
Following upgrade to 24.1 native users that have associated MYOB Secure Auth accounts can't log in until these associations are cleared.
Date: 03/04/2025
Status: Resolved in 2024.2 release.
Reference: CE00056688
Issue
Native login (not SSO) users that have MYOB ID Secure Authentication associations from before upgrade are unable to log in once a site with SSO active is upgraded into the 24.1 version of Acumatica.
Recommended Approach
When a site starts using Azure Entra SSO they should add external users to their Entra directory, this gives their IT greatest control over whether a user can access their Acumatica site as they can then disable a user's access directly in their Azure Entra settings.
Workaround
Clear the associated identities from the user, this can be done in the External Identity Management (MYSM2065) screen.
To have access to other users in this screen, you must have the External Identity Manager role to view/access (Without this role, you can only see/manage your own account.)
If no user can access your user to remove the 2FA association raise a case with support with reference CE00056688 for assistance.
Context
When Azure Entra SSO is turned on for a MYOB Acumatica site, MYOB Secure Authentication is automatically turned off.
When a native user has as MYOBID associated to it, 2024.1 attempts to force them to log in using MYOBID, although MYOBID is off, leading to an error and the login screen being returned.
This has been resolved in the 2024.2 update.