The business case is: The customer has POS and other single sign on application the user uses installed on the PC. The customer wants all user to have their own Windows logon and not a common user logon into Windows for all POS users. The customer wants to have a single sign on for applications and a fast switch in Windows to switch between POS users.
Looks like there are fundimental things that need to be changed regarding MPOS/CPOS, so this can work, like the activation process.
The idea regarding the activation, would have to be changed from being activation per userprofile per device, over to one activation per device. That could make it possible to run more than one instance of MPOS, with the same teraminlId.
Could maybe also be a fist step over to a easier switch between environments for developers if the activation would be changed to make it possible to change the config in the DLLHost.exe.config file to allow the developers to switch environments.
Comments
Up voting this Idea.
We are getting the same request from our Customers.
Regarding the Activation process, we are good with the current way that is handled, and how the Authentication is setup for RSSU deployments of Retail Server. Not easy but doable.
Regarding signing in as a Cashier/Store Manager to MPOS or CPOS it would benefit for organizations that centralize their user management on Active Directory (AAD or simple AD). Multiple times required by Audit purposes.
Some details to consider to share for this Idea:
-In an RSSU or MPOS Offline Scenario in which the Store or Terminal does not have connection to the AD to authenticate we envision 2 possible scenarios
scenario 1 - Deploy a sort of AAD replication service, that could be achieved is the Organization runs a local Active Directory that is synch with Azure AD
scenario 2 - While connected to internet allow the Single-sign on with the Azure Credentials that are properly mapped to a Worker in Dynamics 365 Commence ( D365 for Retail), but if offline, resort to the standard WorkerID-Password scenario.
Category: Employee Management
Administrator on 9/10/2020 6:50:00 AM
Thank you for providing this great feedback! In case you're not aware, in 2020 Release Wave 1, we launched a new feature to allow configuring Azure AD as authentication method for POS. Please check the feature documenation Enable Azure Active Directory authentication for POS sign-in for more details and try it out. In the initial release of AAD logon feature, single sign-on was not yet supported, the POS sign-in screen requires users to always type in AAD account and password. Current design was primarily to address the security concern that with shared device, the previous signed-in user's credentials might be used to access POS or perform sensitive operations without that user even realizing it. However, we've heard similar feedback from other customers like you that in the situation of shared device with isolated OS accounts, SSO for POS is very much needed. We're considering to enable SSO as a configurable option to enhance the AAD logon feature. This is already on our roadmap, and we will communite the detailed plan via our semi-yearly release plans. - Boyce Zhu, Senior Program Manager, Dynamics 365 Commerce.