The tech that enables collaboration across organisations in Health has been tested to its limits since Covid came to town. Thankfully in Greater Manchester, there were a few who foresaw the need for increased digital collaboration and started to lay the foundations.
A great example of that is GM Identity, a collaboration between tech innovator Shaping Cloud, NHS and GMCA. GM Identity takes the best of the latest standards and development in Identity and Access Management and incorporates those concepts and protocols into a new digital product that enables seamless access and sharing of apps and data across organisational boundaries.
Context and drivers
The need to create commonality, increase consolidation and collaborate regionally was identified by Greater Manchester Combined Authority and Greater Manchester Health and Social Care Partnership. With on-prem single sign-on no longer meeting emergent needs, they faced increased legislative demands and required the ability to rapidly deploy and access systems across organisations within their ecosystem.
The organisations sought to rationalise resources, share assets, control authorisation and authentication and lessen the red tape when working with other public sector organisations and the general public. Pain was felt due to a plethora of systems and associated login credentials, with precious time being wasted by frontline staff accessing them; account creation, the movement of staff between organisations and collaborative working were complex.
Solution
Shaping Cloud proposed a simple, seamless authentication and authorisation system which plugged into existing architecture, facilitating new system integration. The vision was to create a solution which worked behind the scenes to enable systems and applications to share user data elegantly without the end user’s awareness, creating an uninterrupted user experience. A universal key was to be created so users could open a number of doors held by different stakeholders in a complex ecosystem with their network identity credentials, without compromising on security controls.
We wanted to build an innovative solution which the public sector could benefit from as a whole. Design principles shaping the approach included simplicity, the ability for Data Owners to control access to their resources, and providing the user with visibility and control of the services using their identity whilst giving them the least privilege needed to perform their tasks. The system would be auditable, observable and heterogeneous, and would eliminate duplication of current functionality, providing a complementary service which is re-usable across different touchpoints.
GM Identity brings together Microsoft’s Identity stack, including on-prem Active Directory instances, AAD, AAD B2B, and AAD B2C. Alongside that, it adds the latest identity frameworks, standards, and protocols, as well as automated workflows to enable non-technical staff to manage access to resources. In order to meet Health and Social Care collaborative requirements, it also incorporates NHS standards, NHS Mail, and NHS Login. Taken together, this creates a flexible and secure federated identity, authentication and authorisation service ideal for NHS and Gov organisations needing to collaborate more.
Identity credentials and user permissions follow users across the network of apps and tooling, reducing account creation and maintenance tasks across all administrative touchpoints. A user can be created centrally and granted instant access to applications, with the same capability to terminate access. Leveraging Azure cloud technology and cutting-edge best practice in authentication, the system bridges the gap between currently available Microsoft services and bespoke system and context requirements, creating endpoints that work with various applications and line of business systems.
GM Identity provides application providers with a single integration point to work with to access the network – simplifying the onboarding of innovative digital tooling to public sector organisations. The plug and play nature enables new suppliers/systems to be onboarded using open identity standards – reducing future investment in development.
It works with multiple identification providers and trust vectors to share central role or attribute data to allow the access of information, delivering the end user a consistent single sign-on experience and flexible authentication methods. Having integration with NHS Login provides the service with NHS-compliant identity verification for patient access to data and systems.
Outcomes
GM Identity launched as an MVP with one use case in January 2020, but has since come to be considered a core digital component of what is known as the GM Digital Platform. It is one of the first non-NHSD apps to be authorised to use NHS Login (for secure and verified patient access). It also provides a variety of authentication options, including Microsoft Identity, to enable controlled access to any app or resource that connects to it.
The system allows the flow of information to facilitate real world working practices and solve user problems so they can maximise interactions. Information can be shared between the general public, health care professionals and local authority representatives, safe in the knowledge the data is secure and being accessed by appropriate parties. GM Identity is currently utilised by applications to reduce smoking in pregnancy, digitise child development plans, and facilitate interactions with various stakeholders regarding school age children’s development requirements. We are currently in talks to onboard applications which reduce homelessness, facilitate education funding, aid hospital discharge and support patients’ treatment journeys through complex ecosystems, amongst others.
The future
The most utilised application is Early Years, which allows new parents to interact with health visitors and provide development updates securely. Using a build-measure-learn approach, our next phase of the onboarding process is to facilitate P0 and P5 trust vectors to aid social inclusion and increase activation of users who prefer a lower trust vector registration process, whilst still delivering them functionality of value and enabling staff to carry out their assessments.
Having created a system which can handle both small and scale implementations, we have roadmap aspirations to:
- onboard further identity providers to widen citizen and non-GM staff access
- enable the movement of bank staff between organisations with ease
- facilitate the access of network-based devices and Wi-Fi
- lessen the administrative burden of joiners, movers and leavers with integration into HR systems
- widen our user management interface capability which allows application developers to manage their GMID configurations and administer users.
We are hoping the public sector can benefit from the innovative approach we’ve taken with GMCA and GMHSCP. If you have IAM needs, please contact our sales team.
Mark Wright
Chief Technology Officer
Shaping Cloud are a great partner to both the GMHSCP and the GMCA team.
GM Identity was commissioned to simplify and secure access across Greater Manchester. With the help of Shaping Cloud, GM Identity is now an innovative product for the region, with limitless potential. It has been a pleasure to work with Shaping Cloud during the product development; they have handled the engagement with such enthusiasm from start to finish. Shaping Cloud continue to provide us with their advice, identity knowledge and technical expertise with the continuous development of GM Identity. They are a great partner to both the GMHSCP and the GMCA team.