RealMe® login service provides a single login, letting citizens use one username and password to access a wide range of services online. It also offers two-factor login where the online service requires a higher level of security.
Agency benefits include:
The RealMe login service is available to organisations in the wider government sector, but it is not currently offered to commercial organisations.
If your agency is launching an online service that has returning users and stores any form of personal data, then chances are that you have a need for the RealMe login service.
Pseudonymous
The RealMe login service IdP was designed to meet the privacy principles enshrined in NZ's Privacy Act - in particular, principle 13, which limits the unnecessary disclosure of unique identifiers for individuals. After a successful authentication, the login service returns only one element to the agency - the Federated Logon Tag (FLT). The FLT is a unique 35-character string that is specific to an individual user and the agency's online service. This contrasts with social media logins such as Facebook, which typically share a range of personal information with each authentication, or cloud authentication services such as Okta, OneLogin and Azure, which are designed for enterprise use and release identifiers such as employee name or work email address. Therefore, an agency needs to determine an appropriate registration process to obtain the first-time user's personal data - this isn't provided by the login service.
Authentication only
The RealMe login service performs a single function - authenticating first-time and returning users at the strength required by the agency. The login service does not hold any information about the user's roles or online service permissions. Therefore, an agency is responsible for providing access control for its website users.
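The two points above (a pairwise pseudonymous FLT, and an IdP that asserts identity but never roles) are illustrated by the following added example; it is not RealMe code, and the HMAC-based tag derivation, the `IDP_SECRET`, the agency names and the `AgencyService` class are constructed assumptions used only to model the behaviour the page describes.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed illustration only: RealMe's actual FLT derivation is not described
# on the page. A pairwise pseudonym is modelled as an HMAC over (citizen, agency)
# so the same citizen receives a different tag at each agency and the tags
# cannot be correlated across agencies.
IDP_SECRET = b"constructed-idp-secret"


def issue_flt(citizen_id: str, agency_id: str) -> str:
    """Return a 35-character pseudonymous tag bound to one citizen and one agency."""
    msg = f"{citizen_id}|{agency_id}".encode()
    digest = hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()
    return digest[:35]


@dataclass
class AgencyService:
    """Agency side: the login service supplies only the FLT, so the agency owns
    registration (FLT -> local profile) and access control (local roles)."""
    agency_id: str
    accounts: dict = field(default_factory=dict)  # FLT -> {"name": ..., "roles": set()}

    def handle_login(self, flt: str) -> str:
        """Route a returning user to their profile, or a first-time user to registration."""
        if flt in self.accounts:
            return "welcome-back"
        return "registration-required"  # personal data is not supplied by the IdP

    def register(self, flt: str, name: str, roles: set) -> None:
        """Registration collects the personal data the IdP never provides."""
        self.accounts[flt] = {"name": name, "roles": set(roles)}

    def authorise(self, flt: str, required_role: str) -> bool:
        """Local authorisation decision; the IdP asserts identity, never permissions."""
        account = self.accounts.get(flt)
        return account is not None and required_role in account["roles"]


if __name__ == "__main__":
    tax, health = AgencyService("tax-agency"), AgencyService("health-agency")
    tag_tax = issue_flt("citizen-42", tax.agency_id)
    tag_health = issue_flt("citizen-42", health.agency_id)
    print(tag_tax != tag_health)       # same person, unlinkable tags: True
    print(tax.handle_login(tag_tax))   # registration-required
    tax.register(tag_tax, "A. Citizen", {"filer"})
    print(tax.handle_login(tag_tax))   # welcome-back
    print(tax.authorise(tag_tax, "filer"), tax.authorise(tag_tax, "auditor"))  # True False
```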
The RealMe context mapping service provides support for government to deliver joined-up agency services online in a citizen-centric, privacy-protective way. When a citizen is interacting with an initial agency website, context mapping extends the authentication session to enable personal data to be exchanged with another agency (now or later), or a seamless transfer to a subsequent agency to continue a particular business process. A prerequisite to the use of the context mapping service is that the participating agencies are already integrated with the RealMe login service.
The context mapping service is a set of building blocks - how it is used depends heavily on the business context and specific use cases. If your agency is considering a customer-centric, joined-up business process with another agency, then contact us to discuss what's possible.