Public transport in Switzerland is a model for success. As a training partner of SBB, BLS, RhB, VöV and around 50 other companies, login organizes market-oriented apprenticeships, internships and further training in the world of transport. In order to be able to train qualified young people in over 25 professions in the future, login continuously invests in the further development and modernization of its training courses. As the link between the apprentices, the affiliated companies and the educational institutions, it is important to keep pace with digitalization. This includes continuously investing in the right training models and digitalization measures and ensuring the efficient integration of all those involved in training into the processes and systems.

Web portal infrastructure as the linchpin of all digitalization projects

In order to prepare for future digitalization projects and prevent fragmentation or the construction of isolated solutions from the outset, login decided early on to strategically restructure its IT infrastructure. The linchpin is a centralized web portal infrastructure – implemented with the USP Secure Entry Server®. This protects all applications that can be accessed via the Internet – regardless of their nature – from the OWASP Top 10 and many other risks, as well as from unauthorized access.

But how do you protect web applications that several thousand users want to access from all kinds of devices against unauthorized access? This is the secret of the Web Entry solution that login has developed together with United Security Providers. Two-factor authentication with a user name/password and a time-based one-time password (TOTP, e.g. Google Authenticator or SMS token) is necessary to keep application protection high and prevent misuse.

Web-based SharePoint access for all user groups

The users involved in training, such as vocational trainers, login employees and apprentices, use the Office 365 SharePoint portal for training management. Today’s access is web-based and possible with any browser: The vocational trainers log in easily with their e-mail/password and enter their TOTP password for strong authentication.

E-learning from the cloud for pupils

Access for learners is based on the same principle: The Time2Learn training and learning platform is available to them outside of traditional classroom teaching. Here too, access is via the web browser using a user name and password in conjunction with a TOTP password, regardless of the end device used. If a user does not have a smartphone, they are automatically authenticated via an mTAN (SMS) token.

High user-friendliness for more learning success

Single sign-on for maximum user-friendliness

In addition to protecting the applications, user-friendliness is one of the most important goals of the central web portal. Users should not have to authenticate themselves individually for each application. This is why login has implemented single sign-on for all applications. As the SharePoint portal is operated as a central information and communication platform in the Azure cloud and the e-learning platform in another cloud, login relies on federation. User access data is not stored in the cloud, but is managed centrally in the local AD. The USP Secure Entry Server® acts as an identity provider (IdP) and enables user authentication for applications in the cloud. Applications such as electronic time recording, which are operated on-premise and can be accessed via the Internet, are also connected via the USP Secure Entry Server® and can therefore also be accessed using convenient single sign-on. To ensure that a user only has access to the applications for which they are actually authorized, the USP Secure Entry Server® also handles authorization after successful authentication (identity).

Context-based authentication

To ensure user-friendliness, employees who have a login device and users who are in the office do not require a second factor for authentication. Certain partners (e.g. SBB) are also exempt from the second factor if they access from the internal network.

Operation and monitoring by the USP Security Operations Center

To ensure 24/7 availability of Web Entry, login has decided to have the solution operated by the Security Operations Center (SOC). A competent security team monitors operations around the clock and can intervene immediately in the event of an incident. This allows login’s IT department to focus on its core tasks and gives it the resources to drive forward future digitalization projects.

Result: Successful login IT

login’s IT department has laid the foundation for all further digitalization measures with a central web entry. A central security baseline ensures that security guidelines are enforced across all applications that can be accessed via the internet. Every user has a single point of entry. The login is user-friendly and meets the highest standards of modern user experience.