NZ Ministry of Education - easing access to digital services

The existing education sector identity verification and access management systems were reaching end-of-life, and the ageing technology on which they were built was increasingly challenging to support. In addition, there is a requirement for a modern platform to enable the sector to meet an increasing demand for digital access to services.

The Ministry of Education (Te Tāhuhu o te Mātauranga) won a major Public Sector Project of the year prize for this work - the Education Sector Logon Upgrade Project.

See a list of the winners at the 2018 NZ Project Management Awards.

Background

Security of information, and compliance with New Zealand’s Privacy Act, is vital for any Government agency.  The associated challenges are significant for the Ministry of Education, which has a very wide range of users across the education sector, including employees, partners and students, with a wide range of access requirements.

The Challenge

The Ministry and education sector agencies, such as the Tertiary Education Commission (TEC) and the New Zealand Qualifications Authority (NZQA), provide a range of digital services to teachers, school administrators and education professionals throughout New Zealand.

With a desire to work together to provide a simple and easy-to-use experience for their user community, the sector agencies have taken an integrated approach to the delivery of services.

A critical factor for an optimal user experience is a single username and password to enable users to access sector applications, and efficient provisioning and support of these credentials. 

The existing education sector identity verification and access management systems were reaching end-of-life, and the ageing technology on which they were built was increasingly challenging to support.  In addition, there is a requirement for a modern platform to enable the sector to meet an increasing demand for digital access to services.

Results

The Education Sector Logon (ESL) was upgraded to provide an identity and access management system to meet current and future requirements across the education sector.  It supports around 100,000 teachers, school administrators and other workforce users across over 22 critical education sector operational applications from the Ministry, NZQA, TEC and the Education Council.

Enhanced User Experience

Users have a single username and password for all Education Sector applications. This is easier than remembering multiple username formats and passwords.  It also reduces the temptation to write down passwords, which undermines security.

Distributing the responsibility for administration

The upgraded Education Sector Logon provides improved functionality for delegated authorisers in schools.  Users were previously granted access to applications by submitting a request to the Ministry’s service desk, which manually provisioned each application, a process that took up to three days.  Datacom’s new platform enables immediate staff access to applications via a system-generated email invitation.  Users can also maintain some of their personal data directly and securely.  The amount of time and effort spent by school and Ministry service staff has been significantly reduced, in some cases from days to minutes.

The design of the system has allowed the Ministry to simplify and modernise the user experience and minimise administrative tasks in schools and in the Ministry.

Supporting the Sector’s wider goals

For the Ministry and all participating agencies, the Education Sector Logon helps maintain assurance (integrity and privacy) across all applications.  Having an integrated login builds confidence and maintains trust that all education data will be handled with care.  The visibility and ease of on-boarding and off-boarding reduce the administration burden on school administrative staff and the Ministry’s service desk.  There has been a noticeable increase in user satisfaction and a reduction in requests for assistance related to logins.

The new system has proven to be robust, stable and scalable, already easily coping with authentication volumes beyond previous peaks.

The ESL provides role- and context-based identity, enabling applications to offer privileged access to data and applications based on an individual’s role in a particular context, and provides the sector with a single access control point.

Looking to the future, the ESL provides a strategic building block for enhanced digital services.  The evidence of identity achieved through the ESL enrolment process can be further leveraged by education providers and agencies to reduce the ongoing burden of administration.

The Datacom Difference

Having previously worked with other government agencies on large scale identity projects, Datacom understood the complexity of the education sector’s requirements and the high security and privacy threshold that must be met.

Given the scale and diversity of the education sector, and the inherent complexity of identity and access management, adopting a traditional “waterfall” approach was considered unsuitable because the timeframe was critical and new technology provided options to improve the user experience.  Datacom used an Agile methodology, moving into a Ministry location in January 2016 to immediately start working with Ministry staff on developing a platform.  We adopted an iterative approach which enabled us to build and refine the solution as the complexity was understood, and an optimal solution evolved.  This approach enabled continuous consultation and rapid prototyping.  Sector stakeholders had visibility throughout the process, which led to user acceptance and expected outcomes.

The solution went live in April 2018, after the successful migration of 22 applications using SAML 2.0, 70 machine-to-machine accounts using OAuth 2.0, and the transition of more than 70,000 users and their attributes from legacy systems.

Datacom’s experience in digital identity projects informed the optimal way to design, build and test the core software component of the solution.  The adoption of automation facilitated rapid testing of software iterations, and the creation of new environments.  New features could be quickly and confidently deployed as required.

Ministry staff were introduced to the Agile methodology.  The team was trained and coached by a qualified Agile coach to ensure they understood and were integral to the process.

The high quality of engagement, collaboration and close communications across business and technical levels was endorsed and validated both by education sector stakeholders and in an external quality assurance review conducted by PwC.

“The successful upgrade of the Education Sector Logon positions the education sector to meet the increasing demand for digital services and provides confidence that education data is secure, and users of the system are safe.  I was delighted that the project team, of which Datacom was a key member, were selected as a finalist in the prestigious IT industry awards in 2018.”  Zoe Griffiths, Deputy Secretary, Business Enablement and Support, Ministry of Education, following the successful transition to the upgraded system.

“The Ministry is excited about the new and enhanced digital services that the upgraded Education Sector Logon system can enable, and relieved that the highly complex investment has been a success. Close collaboration between the Ministry, education sector agencies, the Department of Internal Affairs, and our business partners was a critical factor in achieving this success. Datacom brought their expertise in digital identity and Agile delivery, providing confidence in the design and capability of a key component of the solution. We look forward to extending digital services to enable equitable and excellent outcomes across the education sector.”

Stuart Wakefield, Chief Information Officer, Ministry of Education, on the significance of the Education Sector Logon.