Third Party and Vendor Access Management for Critical Infrastructure


Located in the heart of one of largest economic regions on the west coast in North America, our customer is a municipality with a very active industrial and commercial services sector. The team at the municipality needed to adopt Vendor Access Management and enforce Multi-Factor Authentication on the SCADA system at their water treatment facility. With Agilicus AnyX, the team was able to achieve their goals and adopt a Zero Trust security framework to enable secure access for all internal users and third party vendors.

secure access solutions

Vendor Access and Multi-Factor Authentication Enforcement Challenges

Due to their scale of operations, our customer works with third parties to ensure critical infrastructure resources are operating optimally. However, third parties and vendors introduce inherited cyber risks for municipalities, which is especially dangerous for critical infrastructure. 

Our customer set out to introduce multi-factor authentication requirements and Vendor Access Management for all city resources, including their critical infrastructure. The SCADA system supporting the water facility had several limitations that interfered with the adoption of those secure access policies.

974fa060 vendor access case study 01

Budget constraints prevented the IT team from changing the licensing for the SCADA software to integrate identity into the application.

68d4cd08 vendor access case study 02

A single, shared login was not acceptable and it was not possible to provide individual active directory licenses to vendors.

b9823fa4 vendor access case study 04

Multi-Factor Authentication was required for access by user groups.

8b60da63 vendor access case study 03

Remote access to the SCADA system was a requirement for all internal and external users.

It was critical that any solution would provide the Information Technology team with precise control over permissions and privileges for such a diverse user group (internal users, vendors, third parties). A large and costly upgrade of the SCADA system was simply not possible. The Municipality needed a SaaS solution that could deliver Vendor Access Management and introduce authentication and authorisation as a layer instead of as an add on to the SCADA software integration. 

Vendor Access Management (VAM) with Agilicus AnyX

The Agilicus AnyX introduces authentication and authorisation policies across user groups to enable simple access without exposing resources to the public internet. Our customer seamlessly and affordably enabled secure access for vendor support of the SCADA system at the water treatment facility with Agilicus AnyX.


Vendor Access Management

Agilicus AnyX was used to quickly and easily onboard third party vendors without issuing new accounts or credentials. Fine-grained authorisation is paired with detailed audit logs, ensuring the team has complete control and visibility over when their users and vendors are accessing the SCADA system.

d7732dd2 solutions cards insurance

Multi-Factor Authentication

Multi-factor authentication can be enforced on any resource, requiring a second factor as part of the login flow to gain access to any designated resource.


Federated Identity

Agilicus AnyX federates identity, allowing users from different organisations to use their individual user ID for access to their permissioned applications. Single Sign-On delivers a simple end user access experience while the platform works behind the scenes to unify authentication, putting administrators in full control of who can onboard into their system.


Centralised Authorisation Management

Through a single pane of glass, administrators can easily add or remove users and precisely adjust authorisation permissions, whether it’s for an internal employee or third party vendor.


Identity Aware Web Application Firewall

In addition to the above security The Agilicus AnyX Identity Aware Web Application firewall makes resources accessible to authorised users without making them visible on the public internet, where access is only permitted on the basis of authenticated identity.

Our customer was able to implement Vendor Access Management and enforce multi-factor authentication to ensure the SCADA system could only be remotely accessed by authorised users without exposing the water treatment facility to external risks.

Business Impact

With Agilicus AnyX our customer adopted vendor access management with precise control of authorisations and permissions across user groups without having to issue new accounts for their vendors. Precise authorisation controls enabled permissions and privileges per user, simplifying access without giving up ground on control or visibility of who was accessing the SCADA system. 

Vendor Access Management was effectively achieved without interrupting water services for citizens or burdening internal users and third party vendors.

Centralised Authorisation Management for Internal Users and Third Party Vendors

Least Privilege Access Controls and Detailed Audit Logs

Remote Access with Enhanced Cyber Resilience

Authentication via Federated Identity and Single Sign-On

Enforcement of Multi-Factor Authentication

Get In Touch

Ready To Learn More?

Agilicus AnyX Zero Trust enables any user, on any device, secure connectivity to any resource they need—without a client or VPN. Whether that resource is a web application, a programmable logic controller, or a building management system, Agilicus can secure it with multi-factor authentication while keeping the user experience simple with single sign-on.

agilicus-logo-horizonta, +1 ‪519 953-4332‬

300-87 King St W, Kitchener, ON, Canada. N2G 1A7

partner, +1 ‪555 555-5555

1 Main Street, Townsville, ON, Canada. POST-CODE