IGEL Blog
Fast, Secure Access in OT
In modern OT environments, production systems are no longer tied to physical control PCs. Instead, they are virtualized and run centrally in highly available data centers. On the shop floor, lightweight endpoints with IGEL OS 12 provide access to these systems via VDI. This setup is efficient and scalable – but it introduces a key challenge:
How do you ensure secure authentication without slowing down production?
The challenge of securing OT for high productivity
In many production environments, each workstation is mapped 1:1 to a VDI session, the MES is not multi-user capable, a generic user per station is required, and switching users would interrupt production. At the same time, the administrator must manage dozens or hundreds of stations, passwords must be changed regularly, and users cannot realistically manage multiple credentials. In addition, fully automated logins are not acceptable from a security perspective. This creates a clear conflict between security requirements and usability on the shop floor.
IGEL, in partnership with Evidian, offers a secure and easy solution.
The solution combines IGEL OS 12 with the Evidian Authentication Manager client in one application – IGEL Agent for Evidian Privileged Access Management.
Evidian Authentication Manager at the backend centrally controls:
- User validation
- Access policies
- Authentication methods (e.g. PIN, MFA)
- Credential handling during login
This allows authentication to be both secure and operationally efficient.
How It Works
The user flow is simple and consistent:
- The IGEL OS device is in lock screen mode
- The user authenticates via RFID badge or NYMI band
- If required, a second factor (PIN) is entered
- Evidian verifies the user and the workstation
- The system logs in using the station-specific generic account
- The VDI session starts automatically
Inside the VDI:
- The user logs into the MES using personal credentials via a second RFID reader.
To lock the workstation:
- The user taps their badge or NYMI band again.
Key benefits of the IGEL App for Evidian include:
- Passwordless experience for the operator
- Fast and secure login via badge or wearable
- No need to manage credentials
- Compliance with security policies (including MFA)
- Touch-only operation possible (no keyboard required)
- No disruption to production processes
This approach provides a practical way to balance security, usability, and operational stability in OT environments.
With IGEL OS and Evidian, authentication becomes:
- Simple for the user
- Controlled for IT
- And reliable for production.
The IGEL Agent for Evidian PAM app in IGEL App Portal is planned for April 2026. Learn more about how IGEL and our ecosystem partners help secure and build resilient OT environments.
