The Department for Work and Pensions (DWP) is responsible for welfare, pensions and child maintenance policy to around 20 million claimants and customers. It also provides information to around 20,000 local and central government users across 400 different networks.
DWP needed to replace its existing, decommissioned multifactor authentication system with a suitable alternative. The transition would need to work with their existing physical tokens and be delivered with no downtime to their 20,000 users. In addition, several key enhancements were to be made to allow their users to ‘self-serve’ on several actions, avoiding lengthy waits and a physical paper trail. The solution had to maintain service, improve performance and reduce costs with no loss of security.
Condatis, in conjunction with DWP architects and Microsoft, produced an Azure B2C-based solution built on a microservices architecture. The system runs on two UK data centres with failover between the two. Users are multifactor authenticated using their credentials and their physical OneSpan token. Role-based access control (RBAC) provides a 5-deep hierarchy of administrative users with authentication and workflows, allowing DWP to populate, protect and monitor access to the overall system and their respective services.
Seamless transition was managed progressively through the project using ‘silent journeys’ and intermediate steps to allow each local authority in turn to experiment and to validate their revised access prior to full adoption. Transition was phased over several months.
- The resulting system performed faster. In addition, users were impressed with the efficiency improvements produced by their ability to self-administer functions that were previously handled centrally. The interface employed Government Digital Services (GDS) guidelines throughout and was found to be easy to use.
- Maintenance and control were improved by having the complete system under the secure control of DWP’s own Azure subscription, including all audit storage. This gave a larger sense of ownership than the previous solution. The project was delivered in an agile way using two-week sprints.
- The system was and is extensible. The initial system provided local government access to three distinct services within DWP. A further two new services have been added since go-live with minimal additional work.