Customer Requirement:
A large retail chain operating hundreds of Point-of-Sale (POS) terminals faced a critical identity and access management challenge.
Each POS terminal was shared across shifts, and employees logged in using a single shared username and password. While this was convenient from an operational standpoint, it introduced severe security and compliance risks:
- No accountability: It was impossible to trace who performed which transaction or action.
- No MFA: POS terminals lacked multi-factor authentication, leaving them vulnerable to unauthorized access.
- Audit and compliance risks: Shared credentials violated internal security policies and external regulatory expectations.
- Lack of deterrence: With no personal accountability, policy violations and errors often went unreported.
As their IT and security teams began modernizing their access policies, this became a top priority.
How BAAR-IGA Solved It:
🔗 Individual Credentials for POS Access
The first step was enabling unique logins for each POS operator without changing the existing POS software. BAAR-IGA’s lightweight credential layer allowed:
- Individual user accounts mapped to each staff member.
- Role-based access provisioning, aligned with shift schedules and department.
- Time-bound entitlements that automatically expired at the end of the shift or contract.
🔐 MFA at POS Login – Without Complexity
To enhance security without compromising user experience:
- BAAR Authenticator was deployed to enforce MFA during each login — via push notification or TOTP.
- Users authenticated using their own devices, or a shared tablet near the POS device.
- Offline fallback methods (e.g. QR-based TOTP) were available for low-connectivity environments.
This made it possible to introduce MFA even on older POS systems with no native identity support.
⚙️ Policy-Driven Control and Visibility
- Access policies were configured to automatically grant and revoke access based on shift timings and employment status.
- Real-time audit trails logged who accessed which system and when — with full attribution.
- Alerts were configured for unauthorized access attempts, including repeated failed logins or use outside of scheduled hours.
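The two alert conditions above (repeated failed logins, and use outside scheduled hours) can be sketched as a small detection pass over login events. This is an added example, not BAAR-IGA code or configuration: the event tuple layout, the roster format, the threshold values, and all user and terminal names are assumptions, and the data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 3                      # assumed: alert on the 3rd failure...
FAIL_WINDOW = timedelta(minutes=5)      # ...within 5 minutes on one terminal

# Constructed sample data: shift roster and POS login events.
SHIFTS = {
    "asha": ("2024-03-01T08:00", "2024-03-01T16:00"),
    "ben": ("2024-03-01T16:00", "2024-03-02T00:00"),
}
EVENTS = [
    ("2024-03-01T08:02", "pos-014", "asha", "success"),
    ("2024-03-01T15:10", "pos-014", "ben", "success"),   # before his shift
    ("2024-03-01T17:00", "pos-022", "asha", "failure"),
    ("2024-03-01T17:01", "pos-022", "asha", "failure"),
    ("2024-03-01T17:03", "pos-022", "asha", "failure"),  # 3rd within 5 min
    ("2024-03-01T18:30", "pos-022", "carl", "success"),  # not on the roster
]


def in_shift(user, when, shifts):
    """True only if the user has a rostered shift covering `when`."""
    if user not in shifts:
        return False
    start, end = (datetime.fromisoformat(t) for t in shifts[user])
    return start <= when < end


def detect(events, shifts):
    """Return (timestamp, terminal, user, reason) alerts in event order."""
    alerts = []
    recent_failures = defaultdict(deque)   # terminal -> failure timestamps
    for ts, terminal, user, result in events:
        when = datetime.fromisoformat(ts)
        if result == "success":
            if not in_shift(user, when, shifts):
                alerts.append((ts, terminal, user, "outside_scheduled_hours"))
            continue
        window = recent_failures[terminal]
        window.append(when)
        while when - window[0] > FAIL_WINDOW:
            window.popleft()               # drop failures older than the window
        if len(window) >= FAIL_THRESHOLD:
            alerts.append((ts, terminal, user, "repeated_failed_logins"))
            window.clear()   # one alert per burst, not one per extra failure
    return alerts
```

Failures are counted per terminal rather than per username, so a burst of guesses across several accounts on one device still trips the rule. A user missing from the roster is treated as out of hours, which is the fail-closed choice once every login is individually attributed.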
🧠 Key Outcomes
- Eliminated shared credentials across all POS terminals
- MFA enforced at POS login — even without modifying the POS system
- User-level traceability introduced for all transactions and logins
- Audit readiness improved with accurate logs and access trails
- Security posture elevated without disrupting retail operations
🚀 Bottom Line
Shared credentials are not just outdated — they’re a liability.
BAAR-IGA helped this customer shift from convenience to accountability, without compromising operational simplicity.
With BAAR, the customer didn’t just automate offboarding — they turned it into a continuous, intelligent process that protects both compliance and security.