ESI JDE SSO Suite

The best and the cleverest SSO choice for JDE

Oracle® Validated Integration for JD Edwards® EnterpriseOne® 9.1 and 9.2

Our ESI JDE SSO Suite cleverly combines compliance, confidence, and convenience.

See customer reviews here

Released in 2008, now it is a very mature, robust, highly flexible and comprehensive turn-key product, which includes dozens of components for any conceivable scenario. It is affordable and widely adopted, the most prevalent SSO solution for JDE on the market, favoured by some of the most significant JDE sites worldwide, with up to 18,000 users per site. It installs in under 2h with our complementary services and support - by far the easiest and fastest installation experience of any SSO solution. And then it simply serves you, silently securing, streamlining and strengthening your business. Note that there are also no ongoing consulting costs, all covered under fixed Maintenance. It was the first SSO solution for JDE, and it's still the best. Nothing could be easier!

Full support for AD, ADFS, Azure, Okta, Auth0, Duo, Oracle Identity Cloud & GSuite with OAUTH2.0 / SAML2 / JWT, as well as per-user selective TOTP 2FA. Linux platform support is also in the pipeline.

Optimized for business, it has functionality to cater for any requirement. It can be adjusted to fit your business, not the other way around. Fully automatic, cleverly designed for performance and usability, meticulously implemented with the best available development frameworks and then well tested, it is light years ahead of the competition in every respect.

This solution includes several advanced security features, not generally found in cheaper knock-offs. It will pass any penetration test and satisfy any audit.

Note that with this solution being OVI-certified, your JDE will continue to be fully supported by Oracle at every stage, uninterrupted. Non-OVI software may often cause support issues for JDE, so Oracle may ask you to remove any such software and re-test the issue(s) without it, before they agree to help.

Current version: 14.5
Oracle® Validated Integration for JD Edwards® EnterpriseOne® 9.1 and 9.2, including 9.2 in x64 bit

Some of our esteemed ESI JDE SSO Suite customers:

This list keeps going, there are also Omron Management Center of America, Pan-American Silver, Pernod-Ricard and others.

  • Product Brief
  • More Details
  • Additional Modules
  • System Requirements
  • Licensing
Improving security, user experience and regulatory compliance, while at the same time reducing maintenance effort and costs, this usually seamless, very flexible, comprehensive, and modern SSO solution will pay off in many significant ways:

  1. It is much easier to setup than any other, typically in ~2h, and with no consulting costs;
  2. It is rather non-intrusive, requiring no changes to JDE configuration;
  3. It can be implemented incrementally, adding a few users at a time, in batches, as convenient. This is a lot easier than the standard JDE "all or none" LDAP integration paradigm;
  4. Consequently, there is no need for any additional consulting expenses to either set it up or to use it and our installation support is free;
  5. The JDE sign-on becomes smooth and absolutely prompt-less with our approach (although it can be configured to prompt the users for their Windows sign-on, if desired);
  6. It is pleasantly flexible, allowing access to multiple Environments and/or Roles with additional prompts, plus the full SSO support for the approval links in standard JDE Workflow messages, Fat/Dev Clients and many 3rd-party solutions;
  7. Through Parameterized URL's, this solution offers instant prompt-less access to specific applications via desktop shortcuts, so the user reliance on JDE menus or E1 Pages can be reduced or completely eliminated, if desired. Full support for Parameterized URL's means that the users can create shortcuts pointing to specific applications - this is even more convenient to use than E1 Pages, let alone Menus and Tasks. An additional clever feature included with our ESI JDE SSO Suite also allows running multiple browser sessions opened into different applications through Parameterized URL's concurrently;
  8. Needless to say, there is no 10-char password limit for Windows accounts, nor a single-Domain limit for the users: it will support multiple AD domains and multiple AD forests and will even work for external non-Domain users;
  9. Remarkably, it can concurrently support multiple user authentication methods, including NTLMv2, Kerberos, Client Certificate Authentication, JWT and SAML2 Authentication, among others, as well as concurrently support multiple target systems' authentication methods. It also has a number of token exchange interfaces, allowing external developers to easily exchange one type of authentication for another.
  10. Importantly, this solution also supports multiple JDE accounts per user;
  11. And no less importantly, we support all JDE releases from XE (!!!) upwards, including multiple JDE systems concurrently, even on different release levels;
  12. Many 3rd-party integrations are available: Reports Now, K-Rise, Cantara, RFGen, Okta to name just a few and more are possible if needed.
  13. External IdP integration would of course offer multiple additional Enterprise-wide authentication options, including 2 factor / multi-factor authentication. That is on top of the 2FA capabilities supported by our SSO natively - see the Additional Modules tab;
  14. Highly secure prompt-less SSO is possible for non-Domain, external and mobile users with minimal configuration.
  15. Cloud SSO can be set up in a variety of ways for Amazon, Azure, Oracle, Duo, Auth0, Okta, etc. IdP's.
  16. We support JWT authentication into JDE, introduced by Oracle in TR925. This option can take passwords out of the picture entirely.
  17. Support for Server Manager and Orchestrator Studio SSO - these are commonly missing in competing products.
  18. Advanced cybersecurity features of this solution ensure it would pass any penetration test and/or audit and would collect additional details for some operations that are usually overlooked by competition.
  19. Of course, this SSO solution will also save a lot of time to both the users and the IT support, since there is no longer any need to manually maintain JDE passwords.
  20. ESI JDE SSO Suite has many built-in interfaces to deal with different token exchange scenarios and 3rd-party integrations, including a few mobile App vendors. For instance, we can accept user authentication through JWT and return a SAML2 token back to the caller, or accept SAML2 token and return a JWT token back, or an immediate AIS authentication token. This is an integrator's dream. Mobile app developers can begin using this immediately. As an example, and a WARNING! - this is rather technical, here's one such interface guide document: ESI JDE SSO - JWT to AIS token exchange.pdf
  21. SAML2 SSO capabilities also mean we can provide same seamless SSO access, through the same SSO installation, to any other SAML2-compliant target application, like Oracle Analytics Server, Hyperion, Ariba, etc., in exactly the same non-intrusive fashion as we do it for JDE. Concurrently.
While this solution is in most cases completely prompt-less, in cases when the user needs to be prompted, the screens presented to the user can be customized and easily translated into any number of languages supported by the user browsers and all users will receive such prompts in their native tongue, i.e.:

Translated Prompt

Please e-mail us if you would like to trial this solution in your environment and we will supply you with the software, assistance and a limited trial license at no cost.

In all JDE implementations, the user, password and generally authentication management are all big issues, consuming sizeable amounts of effort and ultimately costing companies a pretty penny at the end of the day. A number of real and perceived issues, surrounding all standard approaches offered by Oracle(R), are frequently preventing JDE customers from implementing any of these "standard" solutions. There is a clear need for some alternative to fill in this gap. Something that is secure, easy to understand and implement, more flexible, convenient to use and also well documented.

With this SSO solution, the authentication is effectively delegated to Active Directory and all JDE aspects of it are effectively removed from the picture, now silently managed by our SSO software in the background. And all of this happens without the complexity of setting it all up within JDE, while delivering some serious additional benefits which are not available with the standard JDE LDAP integration. Yet, despite the fact that it's not at all identical to JDE LDAP integration, it is still an LDAP integration, just a different kind. A much friendlier kind. And with much more power and flexibility.

This is a many-in-one solution. It concurrently resolves a wide range of issues in JDE:

  1. It implements JDE Single Signon WITHOUT configuring JDE for either LDAP or Oracle SSO, in fact without any special configuration in JDE at all - this will save you a lot of time and pain!
  2. When signing in into the JDE WEB or Fat client, this solution ELIMINATES THE JDE PASSWORD PROMPT entirely, relying on Windows authentication to seamlessly authenticate the users - this will save your users time and make their JDE experience better! (In some cross-forest scenarios and for external users, there will still be a log-in prompt for the AD credentials.)
  3. The standard JDE approach requires Windows User Names to be identical to those of JDE Users + imposes the 10-char restriction on the password length. While this SSO solution ELIMINATES THESE REQUIREMENTS, your Windows User Names and Passwords can be as long, or indeed as different from JDE's as desired. This will give you the flexibility most sites need! The mapping of Windows Users to JDE Users is handled by this software and the process is also simple and easy.
  4. All standard approaches limit the users to a single JDE account per Windows account, while our solution allows any Windows account to be associated with multiple JDE accounts.
  5. Moreover, this solution practically ELIMINATES PASSWORD MANAGEMENT in JDE, by entirely concealing the JDE passwords and effectively replacing the manual JDE signon with an automated process - this will reduce your support costs and again, save time to your users! And because JDE passwords are now out of the picture, there are no restrictions on the users' password length.
  6. And to top it all, this solution will at the same time LOAD-BALANCE the JDE WEB Servers - it's just a nice extra feature we could include in this solution at no extra cost! In fact, the unlicensed users of this software can also enjoy this feature, so this solution can be used as a single entry point into JDE for both licensed and unlicensed users.
  7. And many more, including federation with multiple Clouds, 2FA/MFA, etc.
This solution is typically non-visual: when everything is configured and works as expected, the users won't even see it. And if there are any errors that the users should be notified about, this solution shows itself and presents the user with a helpful screen, detailing the error and the possible solution.

The installation is simple and easy, administration is streamlined and intuitive. If you ever used our software, you would know that our solutions are extremely easy to work with, nothing like you've ever seen before. If you are trying to compare the necessary implementation efforts with the JDE LDAP authentication implementation requirements, it will likely take 10-50 times less effort with this solution. This solution can deliver massive savings, it would typically pay itself off within a few months.

Moreover, these two separate products - this SSO and the USM (ESI JDE User Self Management) can be integrated together: the passwords reset with this USM software can be valid for the SSO software as well, with just a single integration setting in the INI file. And the bundle of these two solutions also comes with a built-in discount. Please, e-mail us for more details about this integration.

Nothing can be easier!

This solution can be implemented in hours. Installation support is free. All JDE releases from XE and up are supported for WEB, Portal and Fat Clients (including Citrix). As far as the JDE backend and WEB platforms are concerned, this solution is independent of either one (provided that it is OW/E1 and not World and bearing in mind that it does need an IIS server somewhere in your network to run on). Nothing needs to be installed on the clients in order to use this solution (except in some special cases for advanced functionality), so all and any client platform and browser are supported, including Linux, WTS, etc. Please note, that IIS running the core SSO module and the SSO Manager - the two components of this solution, can both be installed in a single VM and this VM can even be running some old OS like Windows 2003 to save on the license costs.

Please, e-mail us for more details or to request a Trial (full functionality, with time and user count limited). The Installation Guide included with the trial provides all the technical details.

Here's a simplified process diagram, illustrating the main steps and components of the process:

Single-Domain installations are, of course, very straight-forward in terms of their design: everything will be installed in the same single Domain. With multi-Domain or multi-Forest installations, we will discuss the available options to help you decide which AD configuration will suit you best: the core SSO server(s) can be installed in a single central location, or in multiple locations, depending on how you would like the users and the licenses managed.

  • A TOTP 2FA plug-in for ESI JDE SSO Suite, independent of anything else and easily configurable by user. Since ESI JDE SSO Suite supports multiple, even concurrent, IdP's for external authentication, and those offer their own 2FA features, it's now possible to implement some external 2FA, for instance using Microsoft Azure / Entra, and then also add this TOTP 2FA over it. The result of that would be the usually lax prompting by Azure (it has no way to enforce 2FA for every sign-on, the maximum frequency of 2FA in Azure is every 1h, but typically it would not even do that, unless the user has authenticated from a new device), plus also a guaranteed 2FA per-User, for every sign-on, by this TOTP 2FA plug-in.

    ⚠ Note, that this 2FA feature would apply, per user, irrespective and on the top of any other MFA, which may also be provided by Duo, Azure, Okta, etc. For instance, Azure can be used for a lax 2FA, prompting all users for second factor authentication only once a week, while our 2FA would prompt selected power users for every sign-on on top of that.

    ⚠ Note, that ESI JDE SSO Suite can also prompt the user for AD authentication, for every sign-on, if so desired.

    ✨ Here's a short video, showing 2FA enrolment process and the subsequent sign-on step with a 2FA prompt:
    SSO with 2FA - Registration and Use

  • An alternative way to do SSO for Fat/Dev Client users with an additional FatRunner plug-in. Traditionally, we only used AD authentication for Developers, so no additional authentication options set up on the SSO Server, like 2FA, would normally apply to Fat/Dev clients. But with this plug-in, it would put the user through the SSO process, as set up on the SSO Server, which may be using Microsoft Azure / Entra, or Okta, etc. authentication, either with or without the TOTP 2FA above. This ensures guaranteed 2FA per-User, for every sign-on, for all Developers.

    ✨ Here is a short video, showing this new Fat/Dev Client SSO process, including a TOTP 2FA prompt, using the plug-in above:
    Fat Client SSO with 2FA

  • With additional security in mind we have developed a JDE plug-in that would prevent direct access to JDE WEB/JAS/AIS Servers. At the same time, this component would log the failed attempt, listing the timestamp and the client's IP address in a separate log file:

    Preventing Direct Access and more
    ⚠ Note, that this plug-in allows access from configured IP addresses, etc.

    This component is available separately and can be used with or without ESI JDE SSO Suite.

  • Good solutions are often all about good interfaces and we have many bundled interfaces available out of the box, including token exchange to convert various tokens from one format to another. Now, there is also an advanced SAML2 SSO integration add-on, which allows seamless SAML2 SSO access to any SAML2-enabled application, like Oracle Analytics Server, Hyperion, Ariba, etc.

    ✨ Here is a short video, showing this new SAML2 SSO process to access WebLogic Admin Console, as a simple example. This is, of course, not limited to just this Admin Console, the sky is the limit:
    WebLogic SAML2 SSO

    This component is available separately, but can only be used with ESI JDE SSO Suite.

    ⚠ Note, that this SAML2 SSO can be used alone - without JDE in the picture, or concurrently with JDE SSO, even on the same server.

    ⚠ Note, that our SAML2 SSO implementation really cuts through the complex maze of convoluted and often poorly documented and confusing configuration options in multiple large systems and we will configure it for you, under Maintenance Agreement and at no extra cost, in under an hour - that's an instant significant savings. You will appreciate it, if you have ever tried setting up SAML2 integration before.

This software is absolutely independent of JDE or JDE platform, but it typically requires a dedicated or shared Virtual or Physical Server running any release of Windows from 2003 and up, with any release of MS IIS, on either Intel or AMD CPU in either 32- or 64-bits, as a Server for this solution.

You will typically need to stand up a new Windows Server VM (preferably 2008+) with 2 CPU threads (1 hyperthreaded core), 2-4GB RAM and ~30GB free disk space (after all OS Updates, Paging file, etc.) This should be sufficient for up to low thousands of users, but may need to be doubled for high thousands of users. This server could be shared, or the installation may be completely server-less in some scenarios.

JDE Releases: XE (B7333), ERP8 (B7334), B9 (E1 8.9), E810, E811 (including E811 SP1), E812, E900, E910 (OVI), E920 (OVI).
JDE Backend Hardware Platforms: hardware-independent - all platforms supported by JDE are supported.
JDE Backend Database Platforms: DB-independent - all platforms supported by JDE are supported.
Client Machine Software Requirements: none, but different browsers may place different restrictions on the available functionality and the sign-on prompt.
Client Machine Hardware Requirements: has no requirements above those of the browser.
The licensing works as "Per Named Windows User with JDE Access", but it does not need to include all Windows Users. In fact, it does not even need to include all Windows Users with JDE access: some users can continue to use the traditional JDE sign-on mechanism. There are no restrictions on how many SSO Servers you can install - the licensing only accounts for the Users. The licenses are sold in 100 user packs.

The optional Yearly Update/Upgrade Subscription is available at the time of purchase (not available separately) for an additional yearly fee. It is payable in advance per license, per year. It includes premium support and all software updates released during the paid period. Its cost is calculated as 20% of the product's list price at the time of invoicing, as may change from time to time. Unless the software is purchased for a single use application, we generally recommend to opt in for this Subscription: any future JDE Tools Releases and Releases/Updates may require an updated version of this solution and it's generally more cost-efficient compared to one-off Upgrades.
 
Related products:

For Security & Systems Management:
JDE User Password Self-Management - JDE USM
JDE SSO and USM Bundle - JDE SSO and USM Bundle