How RealMe works
RealMe® is about providing New Zealanders with easy access to online services. RealMe services are a government common capability offering core functionality to central and local government agencies, and to private sector organisations.
It's important to understand the difference between the RealMe login service and the RealMe assertion service when determining the possible fit for your organisation.
There is a bit more to a RealMe integration than implementing a simple API, but this ensures a very secure and trusted federated service.
To integrate RealMe services you'll need to choose between the following two protocols:
- Security Assertion Markup Language (SAML) v2.0 is an XML-based standard that defines messages for communicating a range of security-related statements about individual parties, including their authentication.
- OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables clients to verify the identity of the end-user based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.
When you're ready to get started, you can try it out now in the Messaging Test Service sandbox environment.
After successfully connecting to the Messaging Test Service, the core steps for technical integration using SAML or OIDC describe what is involved in configuring and connecting your online service to the RealMe ITE and Production environments.
NOTE: Microsoft Entra External ID (EEID)
We are currently unable to support new integrations from services using EEID.
Initial testing by the RealMe team has demonstrated that there are several barriers to integrating EEID services with RealMe across both SAML and OIDC. The key issue is that EEID expects the user's email address as a mandatory assertion/claim from external federation. RealMe does not return the email attribute, as the RealMe service is designed to meet the privacy principles enshrined in NZ's Privacy Act - in particular, principle 13, which limits the unnecessary disclosure of unique identifiers for individuals.
This issue has been raised with Microsoft as a matter of urgency. We will continue to pursue this matter with them and will provide updates as they are made available.