MFA, SSO & USER ACCESS CONTROLS

Protecting ERP Access Starts with the Right Controls

User access is one of the most important parts of ERP security. Strong access controls help ensure employees can perform their responsibilities while reducing exposure to sensitive financial, customer, vendor, and operational data.

ACC helps customers review user access, security roles, MFA options, and single sign-on considerations for Acumatica, Sage 100, and related systems.

When access controls are overlooked, businesses can unintentionally create security gaps through excessive permissions, inactive accounts, weak passwords, or shared logins. A structured access management strategy helps reduce risk while improving accountability and visibility across the organization.

 

What is MFA?

Multi-factor authentication (MFA) adds an extra layer of protection when users log in to a system. Instead of relying only on a password, MFA requires an additional verification step, such as:

  • A code sent to a mobile device
  • An authentication app approval
  • A security key or token
  • Biometric verification

Even if a password becomes compromised, MFA helps prevent unauthorized access by requiring a second form of verification.

 

Why MFA Matters

Passwords alone are no longer enough to protect business systems. Cybercriminals commonly target login credentials through phishing emails, password reuse, and automated attacks.

MFA significantly reduces the likelihood of unauthorized access by adding another checkpoint before a user can enter the system.

For ERP environments, MFA is especially important because these systems often contain:

  • Financial records
  • Vendor and customer information
  • Payroll data
  • Banking and payment details
  • Operational and inventory data

ACC works with customers to review MFA availability and implementation options within their ERP and related applications.

 

What is Single Sign-On?

Single sign-on (SSO) allows users to log in to multiple connected systems using one secure identity provider and one set of credentials.

Instead of maintaining separate usernames and passwords across different applications, users authenticate once through a centralized login process.

Benefits of SSO can include:

  • Improved password security
  • Fewer password reset requests
  • Simplified user management
  • Better control over employee access
  • Centralized authentication policies

SSO can also make it easier to disable access quickly when an employee leaves the organization.

 

Administrator Account Protection

Administrator accounts typically have elevated access to ERP systems and should receive additional protection.

Recommended administrator security practices include:

  • Enabling MFA for all administrator accounts
  • Limiting the number of users with administrative privileges
  • Avoiding shared administrator credentials
  • Reviewing admin access regularly
  • Using separate accounts for administrative functions when appropriate

Administrative accounts should only be assigned to users who truly require elevated permissions for their role.

 

User Role Reviews

Over time, employees may change responsibilities, departments, or job functions. Without regular reviews, users can accumulate unnecessary permissions that increase security risk.

Periodic role reviews help ensure users only have access to the data and functions required for their current responsibilities.

Areas commonly reviewed include:

  • Financial access permissions
  • Approval rights
  • Report visibility
  • Inventory and operational controls
  • Administrative permissions
  • Integration access

ACC assists customers with reviewing security roles and aligning access with operational responsibilities.

 

Former Employee Access

One of the most common security oversights is failing to remove access for former employees promptly.

Inactive user accounts can create unnecessary exposure, especially if accounts still have remote access capabilities or elevated permissions.

Organizations should establish a consistent offboarding process that includes:

  • Disabling ERP access immediately upon separation
  • Removing access to connected applications
  • Revoking administrator privileges
  • Disabling VPN and remote access
  • Reviewing API and integration credentials when applicable

Prompt account removal helps reduce unnecessary security exposure and improves overall access governance.

 

Shared Accounts and Why They Should Be Avoided

Shared user accounts make it difficult to track activity and reduce accountability within the system.

When multiple individuals use the same credentials:

  • Audit trails become unreliable
  • Password management becomes inconsistent
  • Access cannot be tied to specific users
  • Former employees may retain knowledge of credentials
  • Security investigations become more difficult

Each user should have their own unique login credentials whenever possible. Individual accounts improve visibility, accountability, and overall security management.

 

Recommended Review Schedule

User access and security settings should not be reviewed only once. Regular reviews help organizations identify outdated permissions, inactive accounts, and policy gaps before they become larger issues.

A common review schedule may include:

Review Area                                   Recommended Frequency
User access reviews                           Quarterly
Administrator access reviews                  Quarterly
Former employee account checks                Ongoing
MFA verification                              Annually or after major changes
Security role reviews                         Annually
Password and authentication policy reviews    Annually

Organizations with compliance requirements or higher security risks may require more frequent reviews.

 

ACC Can Help Review ERP Access Controls

ERP security is not only about technology. It also depends on consistent user management, strong authentication practices, and controlled access to sensitive business data.

ACC helps organizations evaluate user access structures, review security roles, discuss MFA and SSO options, and improve access management practices within Acumatica, Sage 100, and related business systems.

If you would like assistance reviewing ERP access controls or security practices, contact ACC Software Solutions to start the conversation.
