Quantbit's LDAP connector connects ERPNext to your organization's Active Directory or OpenLDAP server. When an employee types their domain username and password on the ERPNext login screen, the credentials are authenticated against Active Directory — not a separate ERPNext password. ERPNext roles are mapped to Active Directory security groups, so when someone moves to a different department or gets promoted, updating their AD group instantly changes their ERPNext permissions. When an employee leaves and is disabled in Active Directory, they immediately lose access to ERPNext — no separate IT action required on the ERPNext side.
Yes. Quantbit's Microsoft Entra ID connector adds a "Sign in with Microsoft" button to the ERPNext login page. Employees authenticate using their existing Microsoft 365 credentials — the same username and password they use for Outlook, Teams, and SharePoint. No separate ERPNext password is created or required. Entra ID security groups are mapped to ERPNext roles so access levels are controlled from Microsoft's admin console. Multi-factor authentication configured in Entra ID automatically applies to ERPNext logins as well.
Let employees log into ERPNext with the same credentials they use for Microsoft 365, Google Workspace, or your company's Active Directory. No separate passwords, no IT helpdesk calls about ERPNext logins, no access that lingers after someone leaves.
You already have an identity provider managing your company's users. ERPNext should respect that system — not maintain a parallel one. Our connectors make that happen.
For companies running Microsoft 365 — the most common setup in Indian mid-market and enterprise companies. Employees use their Outlook credentials to access ERPNext, and IT manages everything from the Azure portal.
For companies using Google Workspace — common in startups, IT companies, and modern mid-market businesses that have moved away from on-premise Microsoft. Google credentials grant ERPNext access seamlessly.
For companies with on-premise Windows Server and Active Directory — still the dominant setup in manufacturing, government-adjacent businesses, and established enterprises. ERPNext authenticates against your existing AD server without requiring cloud identity services.
The real value of SSO integration is not just the login button — it is that every identity event in your central directory automatically reflects in ERPNext.
HR creates the user in Active Directory or Entra ID. The ERPNext account is provisioned automatically with the correct role based on the department group — no separate ERPNext user creation needed.
IT moves the employee to a different AD group reflecting their new role. ERPNext permissions update automatically. No ticket to the ERPNext admin, no manual role reassignment.
AD account is disabled by HR or IT. ERPNext login is blocked immediately. No risk of a suspended employee accessing financial or sensitive business data.
AD account is deactivated on the last working day. ERPNext access is revoked at the same moment — no orphaned accounts, no security risk from ex-employee credentials.
SSO integration tends to happen after an incident — a security audit finding, an ex-employee access scare, or a week where IT spent more time resetting ERPNext passwords than doing anything else.
A 300-employee auto components manufacturer in Pune ran Microsoft 365 for email and Teams — every employee had an Entra ID account and used it daily without thinking about it. But ERPNext had its own separate login system. Every few weeks, someone would forget their ERPNext password and raise a helpdesk ticket. The IT manager was handling twelve to fifteen ERPNext password reset requests per week on average. During month-end closing when more people than usual were logging in, it could hit twenty-five in a single week. After the Microsoft Entra ID SSO integration went live, the password reset requests dropped to near zero overnight. Employees just click "Sign in with Microsoft," use the same credentials they use for Teams, and they are in ERPNext. The IT manager used the time he reclaimed to complete a network infrastructure project that had been pending for eight months.
An IT services company in Bengaluru conducted an annual security audit and ran a comparison between their active employee list in Entra ID and the active users in ERPNext. They found twenty-three accounts in ERPNext belonging to employees who had left the company in the past eighteen months — some of whom had left under difficult circumstances. Three of those accounts still had access to sensitive financial data. Nobody had deliberately ignored this — it was simply that the ERPNext admin was a different person from the Entra ID admin, and offboarding for one system did not automatically propagate to the other. After the Entra ID SSO integration, all twenty-three accounts were deactivated immediately as part of the cutover. Going forward, when HR disables an Entra ID account, ERPNext access disappears at the same moment. The next security audit found zero orphaned accounts.
A multi-specialty hospital in Kolhapur ran ERPNext HISx for billing, pharmacy, and patient records. The clinical staff — nurses and junior doctors — were supposed to log patient data directly into ERPNext during their shifts. But the reality was that they were already logged into their hospital's Google Workspace accounts on shared computers, and having to log out and log into a completely separate ERPNext account was enough friction that many of them skipped it and gave data to the billing desk to enter later. Patient record data was always an hour or two behind. After Google Workspace SSO was integrated with ERPNext, clinical staff click "Sign in with Google" and they are in ERPNext within seconds using the credentials they are already logged into. Adoption of direct clinical data entry went up significantly, and the billing team's data entry load dropped because nurses and doctors were updating records themselves.
A manufacturing group in Sangli operates four companies — a foundry, a forging unit, a trading arm, and a holding entity — each with its own ERPNext company setup but on a shared instance. Each company had employees who needed different roles in ERPNext, and managing who had access to which company's data was complex. When someone moved from the foundry to the trading arm, their ERPNext permissions had to be manually updated by the group IT admin — who often did not hear about internal transfers until a week or two after they happened. After LDAP integration with the group's on-premise Active Directory, each company's employees are in a separate AD organizational unit, and ERPNext permissions are managed through AD group policies. An internal transfer is handled in AD, and ERPNext access changes automatically — correctly, immediately, and without the IT admin needing to know about every internal movement.
A trading company headquartered in Muscat had staff working in India, Oman, and Kenya — all needing ERPNext access. Managing separate ERPNext passwords across three geographies, especially for staff who were not tech-savvy, was a continuous problem. Forgotten passwords from staff in Kenya who only used ERPNext monthly were the norm. After Microsoft Entra ID SSO integration, all staff globally use their Microsoft 365 credentials — which they use every day for email and Teams regardless of location. The Entra ID account is the single login that works for everything. For staff in low-connectivity areas, the connector's offline session token approach means they can stay logged in for extended periods without re-authenticating every day.
A facility management company in the GCC won a contract with a government entity that required all vendor software accessing government-related data to enforce multi-factor authentication. ERPNext's native MFA is functional but requires configuring it separately for each user — and tracking MFA enrollment across 80 field staff is its own project. After Microsoft Entra ID SSO integration, MFA is enforced by Entra ID's conditional access policy — the same policy that applies to Teams, Outlook, and every other Microsoft application. When staff log into ERPNext, they authenticate with Microsoft and MFA fires automatically. No separate ERPNext MFA enrollment, no exceptions. The compliance certificate the government entity required was issued within two weeks of the integration going live.
All three identity integrations use industry-standard protocols — no proprietary connectors, no lock-in, and no security shortcuts.
Tell us which identity provider you use and how many ERPNext users you have. We will have SSO live in under a week — with roles mapped to your existing groups.
Book a Free SSO Integration Call →