Why Single Sign-on (SSO) and Multi-Factor Authentication (MFA) Are Indispensable for Modern Customer Portals in Mechanical Engineering


Customer portals contain not only simple user information, but also highly sensitive data — from business data to production parameters. At the same time, expectations in terms of providing easy, fast and secure access are increasing. Conventional login methods such as user names and passwords have long since reached their limits. They no longer provide sufficient protection against modern threats such as phishing, credential stuffing, and data leaks.

The need to create secure yet user-friendly systems is greater than ever, not just because the frequency of cyber attacks is increasing, but also because new regulations such as the NIS2 directive and the Cyber Resilience Act (CRA) place clear requirements on companies. These regulations mean that implementing robust security solutions is mandatory in order to minimize risks and comply with the law. But there's good news too: technologies such as single sign-on (SSO) and multi-factor authentication (MFA) offer solutions that can increase security and are easier to use. This blog post tells you what lies behind these technologies, how they interact, and what specific advantages they offer companies and users.

1. What is SSO and how does it relate to customer portals in mechanical engineering?

Single sign-on (SSO) allows users to access multiple systems, applications, and portals following a single authentication. Instead of logging on each time, the user's identity is verified once so that the authentication applies to all connected services.

From a technical point of view, SSO works by integrating an external identity provider, such as Azure Active Directory, which handles authentication. This reduces dependence on locally stored passwords while providing a higher level of security.

One of the SSO solution’s strong points is being able to integrate multiple identity providers. This means that you can make things easier not only for your employees, but also for your customers and their teams. For example, a machine operator at your customer’s company can log in with their own identity provider instead of having additional login data for your customer portal. The administration of each domain is entirely in the hands of the respective customer. This not only provides enhanced security, but also takes the pressure off your IT department. What is more, you have the option to create flexible and customized access structures for each domain without compromising on security. Sensitive information such as passwords remains protected, including from your administrators.

If any problems occur, such as a forgotten password, the portal administrator can reset the login data without gaining access to the original passwords.

SSO functionality has also been optimized for mobile applications. Once configuration is complete, the mobile app provides access via the same identity provider. In many cases, SSO can be configured to completely replace the conventional password login. This avoids the vulnerabilities associated with using insecure passwords and provides a seamless user experience.

For companies, introducing SSO means an increase in usability, as well as significant security advantages. Authentication using an external provider ensures robust administration of user identities, while the decentralization of domain admins creates clear responsibilities.

2. Multi-factor authentication (MFA) for secure customer portals in mechanical engineering

Multi-factor authentication (MFA) is an important component of modern security strategies. At its core, MFA adds a second level of security to the conventional password login. In addition to “something that you know” (a password), it adds “something that you have” (such as an authentication app) or “something that you are” (such as a fingerprint). This protects access even if a password has been compromised.

The current cybersecurity threat scenarios make MFA indispensable. Attacks such as phishing and credential stuffing aim to steal user passwords and gain unauthorized access. Using a second factor makes it much more difficult for attackers to gain access to a system, even if they know the password.

In view of new regulations such as the NIS2 directive and the Cyber Resilience Act (CRA), MFA is also becoming mandatory. Companies need to apply additional security measures to protect their own systems, as well as their customer portals.

3. How SSO and MFA work together to provide security and convenience

Integrating MFA into SSO processes means that in addition to using a single login for different applications, the user’s login is also secured by a second factor. After the first SSO authentication, the user is prompted by an authentication app to complete the registration of the second factor using their mobile device.

In practice, this works as follows: A machine operator logs on to the system using SSO to get direct access to the required applications. For particularly critical systems, the administrator can determine how frequently the second factor (confirmation using their smartphone) needs to be used. This could be every time for accessing control systems that are mission critical for production, but only every 7 to 30 days for viewing a dashboard, for example. 
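One way a portal backend could enforce the per-system second-factor frequency described above, as an added example (not EquipmentCloud or KontronGrid code). It assumes the ID token has already been signature-validated and that the identity provider reports the OpenID Connect `auth_time` and `amr` claims, with `mfa` in `amr` once a second factor was confirmed; the resource class names, the 7-day window and the 60-second leeway are illustrative choices.

```python
import time

LEEWAY = 60  # assumed: seconds allowed for the redirect back from the IdP and clock skew

# Hypothetical resource classes mapped to how old the last second-factor
# confirmation may be, in seconds. 0 means "confirm on every access".
MFA_MAX_AGE = {
    "production_control": 0,
    "dashboard": 7 * 24 * 3600,
}


def mfa_decision(claims, resource_class, now=None):
    """Return "allow" or "step_up" for already-validated ID token claims."""
    now = time.time() if now is None else now
    # Unknown resource classes fail closed to the strictest policy.
    max_age = MFA_MAX_AGE.get(resource_class, 0)

    amr = claims.get("amr")
    if not isinstance(amr, list) or "mfa" not in amr:
        return "step_up"  # password-only login, or method not reported
    auth_time = claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return "step_up"  # no usable timestamp, freshness cannot be shown
    if auth_time > now + LEEWAY:
        return "step_up"  # timestamp lies in the future, do not trust it
    return "allow" if now - auth_time <= max_age + LEEWAY else "step_up"


# Constructed sample claims (not taken from any real token).
NOW = 1_700_000_000
THREE_DAYS_AGO = {"amr": ["pwd", "mfa"], "auth_time": NOW - 3 * 86400}
JUST_CONFIRMED = {"amr": ["pwd", "mfa"], "auth_time": NOW - 30}
PASSWORD_ONLY = {"amr": ["pwd"], "auth_time": NOW - 30}

if __name__ == "__main__":
    for name, claims in [("3 days ago", THREE_DAYS_AGO),
                         ("just confirmed", JUST_CONFIRMED),
                         ("password only", PASSWORD_ONLY)]:
        for rc in ("dashboard", "production_control"):
            print(f"{name:15} {rc:20} -> {mfa_decision(claims, rc, NOW)}")
```

On a `step_up` result the portal would send the user back to the identity provider for a fresh second-factor confirmation before serving the request.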

The combination of SSO and MFA provides the perfect balance between usability and security, while taking into account the needs of everyone involved.

  1. For you as a customer portal provider: You benefit from central administration, take the pressure off your IT department, and ensure that your portal is both convenient to use and secure. At the same time, you meet regulatory requirements without additional expense.
  2. For your customers: Your customers can still use their own identity providers, which makes integration into existing work processes much easier. Domain administrators maintain control over users within their domain while you ensure the security of the overall system.
  3. For users on site: Machine operators, service technicians and maintenance personnel can access the portal securely and easily, from the office, on the production shop floor, or on the go.

Conclusion: Why SSO and MFA are indispensable for modern customer portals in mechanical engineering

Security is becoming more and more of a critical competitive advantage. A customer portal that is both user-friendly and secure sends a strong signal to customers and business partners that the company is committed to innovation and professionalism and is well aware of its responsibilities. Implementing SSO and MFA is more than just a step towards complying with regulations like NIS2 and the Cyber Resilience Act (CRA); it is an active investment in your future. Companies that implement these technologies early on set standards that make them stand out from the competition. At the same time, they minimize the risk of cyber attacks and ensure that their systems meet the strictest security requirements.

With our digital transformation solution EquipmentCloud® and the IoT device management solution KontronGrid, you are on the safe side: both solutions offer single sign-on (SSO) and multi-factor authentication (MFA) as fixed components. This not only means added security for you and your customers, but also significantly simplified login.

Contact us

Do you have any questions about how EquipmentCloud® or KontronGrid can meet your requirements for a secure and user-friendly customer portal? Our experts would be pleased to explain the benefits of these technologies and help you find the right solution for your company.