Security & Authentication

KpiX is built for enterprise industrial environments where security isn't optional. Every login method, session, and command is protected by layered authentication controls.

Login Methods

| Method | Description |
|---|---|
| Username & Password | Standard credential-based login |
| One-Time Password (OTP) | Time-limited email OTP for passwordless access |
| Microsoft SSO | Azure AD / Microsoft Account via OAuth2 (Pro & Premier) |
| Custom Social Login | Configurable third-party OAuth2 identity providers |
| Guest Access | Token-limited read-only login for external stakeholders |

Password & Session Management

  • Self-service forgot password flow with OTP email verification
  • Admin-triggered password reset for locked-out users
  • JWT refresh token support for seamless session extension without re-login

Multi-Factor Authentication (MFA)

MFA is available on Essentials and above. KpiX enforces MFA on:

  • Login (configurable per application)
  • Command operations - operators must confirm identity before sending device commands or control actions
  • Control Centre operations - MFA confirmation before Control Centre device interactions

This ensures no accidental or unauthorised commands reach assets in the field - critical for industrial equipment and safety systems.

Encryption & Key Management

  • Per-application RSA asymmetric key pair generation
  • Payload encryption and decryption utilities for secure data exchange with external systems
  • All data in transit encrypted via TLS 1.2+
  • All data at rest encrypted in Azure storage

Private Cloud & Data Residency (Premier)

For customers with strict data sovereignty requirements:

  • Private Azure tenant deployment - your data stays in your own cloud subscription
  • On-premise deployment - available via custom engagement
  • Data residency options - choose the Azure region where your data is stored

Key Benefits

  • MFA on commands - the safety-critical protection industrial environments expect
  • SSO-ready - Microsoft Azure AD integration out of the box
  • OTP login - no password management burden for field users
  • Private cloud - full data sovereignty for regulated industries

See also: User Access for role-based permissions, and Audit for compliance logging.