New Secure Access Alpha Reassessment

The report from alpha reassessment for DfE's New Secure Access on 8 December 2017.

Service Standard assessment report

DfE Sign In

From: Government Digital Service
Assessment date: 8 December 2017
Stage: Alpha2
Result: Met
Service provider: Department of Education

The service met the Standard because:

  • The team had addressed the concerns the panel had at the original assessment and have carried out additional work resulting from it. The team is stronger, and the overall proposition is better understood.

About the service

Description

The user experience for external users accessing DfE secure services is poor with pain points including multiple access details and points and users being unable to self-serve and select their own usernames and passwords. This results in insecure workarounds and high user frustration. Due to the low usability, high-cost and low-speed to onboard new services to existing solutions; services have created even more logins so we have a fragmented landscape where our external users have multiple log-ins to access secure DfE services. This adds to the cumulative burden on their workloads and makes their interaction with the Department frustrating. DfE is also paying for the development, maintenance and support of each of these separate solutions.

DfE Sign In will unite this fractured landscape reducing the burden on users by providing users of secure DfE services with a great user experience and DfE service owners a cost effective, quick to onboard identity management provision.

Service users

Education sector employees e.g. colleges, schools, training providers and universities; Local Authorities; Internal DfE service owners and DfE Sign In help desk

Detail

The panel were grateful for the efforts the team had made since September, and the changes that have occurred.

Our primary concerns have been addressed, and the team reported that they’d gained additional insight from their research which had suggested additional areas for improvement.

The team has been supplemented by an additional designer, which has led to increased ability to prototype and test hypotheses rapidly. The team have also been seeking to rebalance the distribution between permanent and contract/supplier staff, with a number of new junior recruits expected to join the team in the new year. The panel were impressed with the prototypes exploring the far future concepts, and felt this was an appropriate use of the alpha phase.

The team have tested a number of authentication mechanisms with users including various forms of “federation”. Users described their confusion at the use of Vendors’ pages (eg Office 365 or Google) during this federated journey, although it wasn’t clear that this would prevent them from successfully authenticating in real-world use. The team did a spike on a ‘Universal Access’ approach with email redirection but this tested poorly with users.

The team have done research on commercial off the shelf solutions and did a week long hackathon with a Microsoft gold partner to better explore the Microsoft based solution called B2C, which did not fit well due to complexity and cost.

This investigative, exploratory approach should continue during Beta, particularly as more services are developed to include the DfE Sign Insolution – the team should remain open to alternative or additional, parallel routes to access the service, combining different methods to best meet users’ needs.

Ultimately the team found a compelling need for customised user journeys and have decided on a hybrid approach of custom built journeys on top of a mature open source identity product backed by a commercial directory service (Azure AD).

The team have engaged with the GaaP adoption team to discuss common platforms, and expect to use Notify in Beta. The team will further engage with GaaP in Beta to explore other opportunities.

Recommendations

To pass the next assessment, the service team must:

  • Build on recommendations made in the original Alpha report.
  • Embed the ‘sign in’ functionality into at least one successful ‘end to end’ service assessed at the ‘public Beta’ stage before seeking a further assessment for DfE Sign In as a standalone service.

The service team should also:

  • Aim to add further civil servant specialists, eg permanent designer, researcher and/or developer, into the team – whilst progress has been made, new recruits are currently either relatively junior or relatively generalist in their skills, where it would be good to see a blend of associates and experienced practitioners in post.

Digital Service Standard points

Point Description Result
1 Understanding user needs Met
3 Having a sustainable, multidisciplinary team in place Met
9 Using open standards and common government platforms Met
12 Creating a simple and intuitive service Met
13 Ensuring consistency with the design and style of GOV.UK Met
Published 30 July 2018