Summary
As Hong Kong’s major mass transit railway operator, MTR Corporation built a digital platform to streamline recruitment and management of part‑time station staff. The platform needed to serve two distinct audiences, internal station managers and external candidates, while integrating with MTR’s enterprise identity stack. With Authgear, MTR launched a dual‑authentication solution: Azure AD for managers and WhatsApp OTP for part‑time users, delivering enterprise‑grade security with a mobile‑first, low‑friction experience.
At a glance
- Industry: Public transport & operations
- Users: Internal station managers & external part‑time applicants
- Use case: Workforce hiring and shift management access
- Auth methods: Azure AD (SSO/MFA) for managers; WhatsApp‑based OTP for applicants
- Outcome: Faster onboarding, fewer password issues, compliant and scalable access
About MTR Corporation
MTR Corporation operates Hong Kong’s mass transit railway network and related transport services. The company is committed to operational excellence and leverages digital platforms to improve recruitment, scheduling, and frontline workforce management.
The Challenge
- Two user groups, one platform: Tailor login for internal managers and external candidates
- Ease of access for casual users: Many applicants are non‑technical and mobile‑first
- Enterprise alignment: Integrate cleanly with Azure Active Directory and existing security policies
The solution
Authgear delivered a dual authentication approach that balanced security and simplicity:
- Role‑based authentication
Different methods by role ensured usability and security across both audiences, with centralized policy control.
- Azure AD integration for station managers
Managers sign in with existing MTR Azure AD credentials—gaining SSO, MFA, and seamless account lifecycle management aligned to corporate policy.
- WhatsApp OTP for part‑time users
Applicants authenticate via WhatsApp one‑time passwords, removing the need to remember complex passwords and streamlining mobile access.
The Results: Flexible Login, Lower Overhead, Better Adoption
- Enterprise‑grade security for managers: Azure AD + MFA
- Frictionless, mobile‑friendly access for applicants: WhatsApp OTP
- Lower support burden: Fewer password resets and help‑desk tickets
- Compliance maintained: Alignment with internal IT and data protection standards
- Faster time‑to‑launch: A pragmatic, role‑aware login experience delivered quickly
Why Authgear
- Best of both worlds: Enterprise integration for staff, consumer‑simple access for applicants
- Standards‑based & extensible: OIDC/OAuth2 with flexible factor options
- Mobile‑first UX: Optimized for quick, repeatable access on shift‑driven workflows
- Operational control: Centralized policies and audit‑ready configuration
Feature highlights
- Azure AD SSO + MFA for internal managers
- WhatsApp OTP for external part‑time users
- Role‑aware flows and centralized policy management
- Admin tooling & APIs for streamlined user lifecycle