Deprecation of Basic Authentication


As part of our ongoing commitment to security, we will be ending support for Basic Authentication for all EnergySys services. This includes authentication for our web application and use of our OData service. 

All authentication for a customer's instance will have to be performed against that customer's Azure Active Directory.


Why are we ending support of Basic Authentication?

Basic Authentication relies on a simple username and password to authenticate a user to access the EnergySys Cloud Platform. Unfortunately, it makes it easier for attackers to capture user credentials, which increases the risk of those stolen credentials being reused against other endpoints or services. Furthermore, enforcing multifactor authentication (MFA) is not simple, and in some cases not possible, when Basic Authentication is used. Basic Authentication is an outdated industry standard. There are better and more effective user authentication alternatives.


What does the end of Basic Authentication mean to our users?

If you work for the company that owns an EnergySys instance that you use, then it will mean improved integration for you when using EnergySys. You will not need to have a separate username and password and you will be authenticated by the same credentials you use to access your work computer. 


If you have any users who are not part of the company that owns the EnergySys instance, they will need to be added within your company's Azure Active Directory.


Will accessing Excel or PowerBI change?

When you move away from Basic Authentication, a small change is required when working with EnergySys data via Excel and PowerBI: you will have to switch from using 'Basic' security to 'Organisational account'. Organisational account requires you to use your Azure AD account to log in.



How do we test the Azure Active Directory Authentication?

As part of the process of implementing Azure Active Directory Authentication, we will ask for a couple of volunteer accounts to be made available to test that they are able to authenticate and get to their data in the web application and the OData service. Once testing has been completed, we will switch this over for all user accounts for your company.


Are there alternatives to Azure if we don't use Azure Active Directory?

There are no supported alternatives. You will need to have an Azure Active Directory subscription in place and set up for Federation with EnergySys before Basic Authentication goes out of support.


Does this change the way we use reporting tools?

If you are refreshing reports using OData on your own machine and using Microsoft products, the only change is to select 'Organisational account' security and sign in with your Azure AD account when prompted. Dashboards that use a generic Basic Authentication account will need to be updated to use either a certificate or an Azure AD account.

For non-Microsoft products you should confirm support of authentication methods with the provider. 


We have previously stopped Basic Authentication internally; is there more to do?

Yes. Any user that accesses your instance will also need to be accessing it without Basic Authentication. This includes any reporting accounts, external users, implementation partners and other systems. Each of these that is a user will need to be added to your company's Azure Active Directory for authentication; systems will need to use a certificate to authenticate.


We have internal systems getting data from EnergySys; what needs to be done?

For machine-to-machine access (a system requesting data from EnergySys), the recommended approach is to use certificates for authentication. We have a guide to assist in creating these that covers the requirements for the certificates. The switch to certificates for authentication can be managed separately from the user authentication switch, but both must be completed by the deadline.


Does switching to certificates need to be aligned with users switching over?

No, the switch to certificates can be started now. The use of certificates can be implemented separately from the migration of users away from Basic Authentication. The only commonality is that both need to be completed by the end of 2023.


Is there more happening with authentication?

We are going to make it easier for companies to connect to EnergySys for authentication with the introduction of an Azure Gallery App.

This improvement will allow companies to assign group permissions within Azure Active Directory to a user. These Azure Active Directory groups will correspond to the roles within EnergySys.

This will require some changes within your Azure Active Directory, and we are currently designing the solution to have as little impact on users as possible.


Authentication Change Flow