OAuth and TLS 1.2 Security Updates & Its Impact on Sage 100

There are two important security updates approaching that will impact Sage 100 customers, not on a recent product release.

Sage began notifying Sage 100 software users about the security updates the week of August 1st in an email titled “Security Updates that May Impact Your Use of Sage 100”.

Effective October 1, 2022: Microsoft will disable Basic authentication

Beginning October 1st, Microsoft will disable Basic authentication for email services and will require the use of modern authentication (OAuth) for Microsoft Exchange Server and Office 365.  This effects Sage 100 software users as they utilize Sage 100 Paperless Office features to e-mail documents including but not limited to, Sales Order invoices, Accounts Receivable statements, Purchase Orders, or Employee Direct Deposit stubs.

Any Sage 100 customer using Basic Authentication with Microsoft email services will experience interruptions with their Sage 100 in-product email services.  This means that in-product email services will stop working on versions of Sage 100 other than 2021.4 or 2022.1.

Sage 100 OAuth Frequently Asked Questions

Read the FULL Sage 100 FAQ on OAuth

What is email Basic Authentication?

The original, simple way to verify your identity using a login ID and password. This basic approach has proven to be a security risk versus more modern methods because anyone that gets these credentials can access your accounts and information.

What is Modern Authentication or OAuth?

Modern Authentication or “OAuth” involves a combination login authentication and authorization to make it much harder to gain access to your information. An example is the use of multi-factor authentication (MFA) access codes sent via email or text, or authentication software tools like Microsoft Authenticator. It is far superior to Basic Authentication in protecting your accounts and information.

Why is an upgrade to Modern Authentication important?

Basic Authentication is outdated and more vulnerable to breach. Also, the two largest email providers (Google and Microsoft) have stopped or are planning to stop supporting Basic Authentication.

What versions of Sage 100 are impacted by this change?

Sage 100 began supporting OAuth in versions 2021.4 and 2022.1. Customers will need to upgrade or apply a product update if they are using an impacted email service.

Do I need to upgrade my Sage 100 software?

As of August 8, 2022, Sage is recommending an upgrade to Sage 100 2021.4+ or 2022.1+ versions as they are compatible.  This is crucial if you are emailing invoices, quotes, statements, and reports directly from Sage 100.

What happens if I don’t upgrade my Sage 100 software?

Integrated functions in the software that utilize a customer’s email service will stop working correctly. This only applies if you’re using an email service that requires Modern Authentication (OAuth).

Do NOT panic – we’re here to help you!

Reach out to your Sage 100 software consultant at DWD to review your applications and determine if any changes need to be made.  You can contact them via direct email, call our office at 260.423.2414 or complete a support request form.  We’re here to help you!

Start Planning Now:  Effective September 2023 Sage will no longer support TLS 1.0 and 1.1

Effective September 2023, Sage servers will stop accepting communication from Sage 100 product versions using Transport Layer Security (TLS) 1.0 and 1.1.

TLS is a security protocol that creates encryption paths over computer networks to help ensure that online communications and information cannot be intercepted. Regulatory standards have increasingly required the adoption of TLS 1.2 and the subsequent deprecation of TLS 1.0 and 1.1 due to known security risks.

Any customer on product versions using TLS 1.0 and 1.1 will require an upgrade to their Sage 100 software to prevent a disruption in the use of their software.

If a customer does not upgrade their software by September 2023, they will begin receiving warning messages when accessing Sage 100 due to the inability to communicate with Sage servers. The software will revert to read-only mode and restrict access.

Sage 100 TLS 1.2 Frequently Asked Questions

Read the FULL Sage 100 FAQ on TLS 1.2

What is Transport Layer Security (TLS)?

TLS is a security protocol that creates encryption paths over computer networks to help ensure that online communications cannot be intercepted.

What is a security protocol?

Security protocols are a set of operations or steps that occur when data is delivered or exchanged between parties. Ex. When sending an email, processing a credit card transaction, or when any data is shared between a web browser and website. Security protocols help protect communication and shared data.

How does TLS work?

TLS uses security techniques to ensure that parties involved in online communication are authenticated as the intended recipient, it protects the data being transferred, and encrypts the communication thereby protecting it from a breach.

Why is an upgrade to TLS 1.2 important?

TLS 1.0 and 1.1 were replaced by TLS 1.2 starting in 2008 to provide improved data security and better protection for customer and application information communicated over the internet. Many companies and standards (e.g., HIPAA, PCI) require the use of TLS 1.2, as do many Sage ISVs. This move to TLS 1.2 will provide increased data protection and decreased risk.

What versions of Sage 100 are impacted by the TLS 1.2 change?

TLS 1.2 is already included in current and supported versions of Sage 100 (versions 2022, 2021 and 2020.1).

Does this impact third-party products that integrate with Sage 100?

Each ISV will use TLS differently and have their own support policies. It is best to work with your Sage Partner to check with each of the vendors you use to determine if their products are impacted and if any updates are required

Do I need to upgrade my Sage 100 software?

Effective September 2023, Sage servers will stop accepting communication from Sage 100 product versions using TLS 1.0 and 1.1.  Upgrading to a supported version of Sage 100 that utilizes TLS 1.2 is required.  This includes upgrading to 2020.1 or 2021.0 and newer versions.

What happens if I don’t upgrade my Sage 100 software?

If your Sage 100 software is not upgraded by September 2023, you will begin receiving warning messages when accessing Sage 100 due to the inability to communicate with Sage servers. The software will revert to read-only mode and restrict access.

Again, Do NOT Panic!

Reach out to your Sage 100 software consultant at DWD to review your applications and determine if any changes need to be made.  You can contact them via direct email, call our office at 260.423.2414 or complete a support request form.  We’re here to help you!