Solution 

Shaping Cloud proposed a simple seamless authentication and authorisation system which plugged into existing architecture, facilitating new system integration.  The vision was to create a solution which worked behind the scenes to enable systems and applications to share user data elegantly without the end user’s awareness, creating an uninterrupted user experience. A universal key was to be created so users could open a number of doors held by different stakeholders in a complex eco-system with their network identity credentials, without compromising on security controls. 

We wanted to build an innovative solution which the public sector could benefit from as a whole. Design principles shaping the approach included simplicity, the ability for Data Owners to control access to their resources, providing the user with visibility and control of the services using their identity whilst giving them the least privilege to perform their tasks.  The system would be auditable and observable, heterogenous and eliminate duplication of current functionality; providing a complementary service which is re-usable across different touchpoints.  

GM Identity brings together Microsoft’s Identity stack including on-prem Active Directory instances, AAD, AAD B2B, and AAD B2C.  Alongside, it adds to that the latest identity frameworks, standards, and protocols, as well as automated workflows to enable non-technical staff to manage access to resources. In order to meet Health and Social Care collaborative requirements, it also incorporates NHS standards, NHS Mail, and NHS Login. All together, this creates a flexible and secure federated identity, authentication and authorisation service ideal for NHS and Gov organisations needing to collaborate more.  

Identity credentials and user permissions follow users across the network of apps and tooling, reducing account creation and maintenance tasks across all administrative touchpoints.  A user can be created centrally and granted instant access to applications, with the same capability to terminate access. Leveraging Azure cloud technology and cutting-edge best practise in authentication, the system bridges the gap between currently available Microsoft services and bespoke system and context requirements; creating end points that work with various applications and line of business systems.  

GM Identity provides application providers with a single integration point to work with to access the network – simplifying the onboarding of innovative digital tooling to public sector organisations. The plug and play nature enables new suppliers/systems to be onboarded using open identity standards – reducing future investment in development.  

It works with multiple identification providers and trust vectors to share central role or attribute data to allow the access of information, delivering the end user a consistent single sign on experience and flexible authentication methods.  Having integration with NHS Login provides the service with NHS-compliant identity verification for patient access to data and systems. 

Outcomes  

GM Identity launched as an MVP with one use case in January 2020, but has since become considered to be a core digital component of what is known as the GM Digital Platform. It is one of the first non-NHSD apps to be authorised to use NHS Login (for secure and verified patient access). Yet it provides a variety of authentication options including Microsoft Identity, to enable controlled access to any app or resource that connects to it. 

The system allows the flow of information to facilitate real world working practises and solve user problems so they can maximise interactions. Information can be shared between the general public, health care professionals and local authority representatives, safe in the knowledge the data is secure and being accessed by appropriate parties. GM Identity is currently utilised by applications to reduce smoking in pregnancy, digitise child development plans, and facilitate interactions with various stakeholders regarding school age children’s development requirements. We currently we are in talks to onboard applications which reduce homelessness, facilitate education funding, aid hospital discharge and support patients’ treatment journeys through complex ecosystems, amongst others.  

The future 

The most utilised application is Early Years, which allows new parents to interact with health visitors and provide development updates securely. Using a build-measure-learn approach, our next phase of the onboarding process is to facilitate P0 and P5 trust vectors to aid social inclusion and increase activation of users who prefer a lower trust vector registration process, whilst still delivering them functionality of value and enabling staff to carry out their assessments.  

Having created a system which can handle both small and scale implementations we have roadmap aspirations to   

• onboard further identity providers to widen citizen and non-GM staff access
• enable the movement of bank staff between organisations with ease
• facilitate the access of network-based devices and Wi-Fi
• lessen the administrative burden of joiners, movers and leavers with integration into HR systems
• widen our user management interface capability which allows application developers to manage their GMID configurations and administer users.

We are hoping the public sector can benefit from the innovative approach we’ve taken with GMCA and GMHSCP, therefore if you have IAM needs please contact our sales team.