10X ERP Login & Authentication Options

Security Overview and Recommended Best Practices

10X ERP supports multiple authentication methods to accommodate different customer security requirements. While all options are supported, Single Sign-On (SSO) via Google or Microsoft is strongly recommended for improved security, governance, and user management.

Supported Login Options

1. Single Sign-On (SSO) via Google

Recommended

Authentication is delegated to Google Workspace, allowing users to log in using their existing Google credentials.

Key Characteristics

• Authentication handled entirely by Google
• Enforces Google MFA, device policies, and security controls
• No passwords stored or processed by 10X ERP
• Supports centralized user lifecycle management (onboarding/offboarding)

Best For

• Organizations already using Google Workspace
• Teams enforcing MFA and device trust through Google

2. Single Sign-On (SSO) via Microsoft

Recommended

Authentication is delegated to Microsoft Azure Entra ID (formerly Azure AD).

Key Characteristics

• Authentication handled entirely within the Microsoft tenant
• Honors Microsoft MFA, Conditional Access, and device compliance policies
• Requires standard tenant consent for identity-only scopes (OpenID / profile)
• No tenant data access and no software installation required

Best For

• Organizations standardized on Microsoft 365 / Entra ID
• Environments with strict access and compliance requirements

3. Email & Password Login

Supported but Not Preferred

Users authenticate directly within 10X ERP using an email address and password.

Key Characteristics

• Passwords are managed at the application level
• Strong password complexity is enforced
• Does not leverage external identity provider controls

Considerations

• Lacks centralized IT governance
• Offboarding and access revocation must be managed manually
• More susceptible to credential-based attacks compared to SSO

Why 10X ERP Strongly Recommends Google or Microsoft SSO

Using Google or Microsoft SSO provides materially stronger security than application-level passwords alone:

• Centralized Identity Control

  Authentication is governed by your organization’s identity provider—not by 10X ERP.

• Stronger MFA Enforcement

  Leverages enterprise-grade MFA policies already in place.

• Reduced Attack Surface

  No passwords stored, transmitted, or managed by 10X ERP.

• Improved User Lifecycle Management

  Disabling a user in Google or Microsoft immediately prevents access to 10X ERP.

Note that simply turning off ERP Useron the User record in 10X also immediately prevents this.

• Industry-Standard Architecture

  This is the same authentication model used by platforms such as Salesforce, NetSuite, Slack, and GitHub.

Important Requirement for SSO Access

To use Google or Microsoft SSO, the following must be true:

• The user’s email address in 10X ERP must match an active Google or Microsoft account
• That account must exist within your organization’s domain
• The identity provider (Google or Microsoft) must be able to authenticate that user

If a user does not have a Google or Microsoft account tied to their domain email, they will need to:

• Be provisioned one by IT, or
• Use the email/password login option instead

Summary Recommendation