RealMe assertion service
RealMe® assertion service provides the means for a customer to prove personal information online. At present, we offer verified identity (name, date and place of birth, gender) and verified residential address. The service is often referred to as RealMe verified identity as this is usually the most essential set of personal data.
Organisation benefits include:
- no need to incorporate an in-person or third party capability for verifying personal information for use online
- high strength attribute verification is guaranteed by real-time access to the authoritative source record
- provide customers with a verify once - use online many time experience
The RealMe assertion service is available to organisations in the wider government sector and to approved organisations in the private sector such as financial institutions.
If your organisation wants to maximise use of the online channel and needs strong proof of your customer's identity and other personal details before services can be provided, then the RealMe assertion service may be a good fit. See the RealMe website about business use(external link) for more information on the assertion service.
Combining RealMe login service and RealMe assertion service
There is no direct link between RealMe login and RealMe assertion. For most online services, the customer will authenticate many times, but only verify their identity, address or other attributes once at registration or perhaps at infrequent intervals when circumstances change. An assertion of customer's attributes must take place in a managed session to protect the personal information being shared.
For private sector organisations, that are not able to use RealMe login, the customer requires a RealMe verified identity in order for authentication to succeed.
For government agencies, there are two likely use cases:
- Log in and assert - in the registration process, the first step for the customer is to log in, and possibly provide some initial personal information. For many agencies' online services, the registration can be completed with a low strength, username and password login. At the point the agency process requires identity, address or other attributes, the customer is given the choice of completing this online via the RealMe assertion service or by using an alternate verification process. If the customer chooses the RealMe assertion service as their verification method, they are authenticated at moderate strength - a two-factor login involving an SMS code, or Authenticator application. Logging in as the first step of registration is usually the simplest approach, however the customer will need to log in again to assert their details.
- Assert and log in - in the online service registration process, the first step is for the customer to choose whether they want to prove their identity online via the RealMe assertion service or use an alternate verification process. If the customer chooses to assert their identity with RealMe they are authenticated at moderate strength. Asserting as the first step of registration can be a more complex process to implement, but may be an easier flow for the customer. There are two variants of the Assert and log in flow:
- Assert and log in - the customer must already have a verified identity. If they do not, the customer will not be authenticated.
- Assert and always log in - the customer must have a RealMe Login but may not have a verified identity. If they do have a RealMe login but no verified identity, the customer will still be authenticated. The online service then handles the verification of the customer either by encouraging them to apply for a RealMe verified identity or triggering their own alternate verification process. Until the customer's identity is verified the agency service can limit the functions the customer can perform. If they do not have a RealMe login they cannot be authenticated and the user must be directed to create a RealMe Login via the Login service.