Hi,
Client asked me if Sage X3 can control Sage X3 login to single session only as part of company security policy.
Concern of breached account coming from non-local network address.
Scenario example:
I login to the Sage X3 remote server, and from here, I open a browser session to login Sage X3 website as admin . Syracuse create a session for this with `ERPDEV` badge.
I login to my workstation (connected to public Internet), and from here, I open a browser session to login Sage X3 website as admin. Syracuse create yet another session for this with `ERPDEV` badge.
I now have two admin of different IP and different session using 2/2 ERPDEV badges.
The client request is, can this first IP session (in this case, the remote server one) lock the session and block access until this session is expired/logged out? Which means, if I try login my workstation's session from public Internet now, it will be blocked from access despite correct password because the admin session is in use now from Sage X3 remote server. The only way for my workstation's session from public Internet to access if no session is active and on a first come first receive basis.
An alternative implementation requested is IP whitelisting per login but this looks like an extreme setup and can be very tedious to maintain for each key users.
Chun Heng Lee
