Made in Sheffield: how we built the DWP Authenticate digital service

Screen shot of the Authenticate signing in window asking the user for their email address and password
DWP Authenticate sign in window

Sheffield has a proud history as a pioneering city. As part of a Sheffield-based multidisciplinary team we’ve built DWP’s first live-running Identity and Trust digital service, and we like to think we’re following in that trailblazing tradition.

DWP often works with other organisations and companies who help us deliver some of the services we provide for citizens. The DWP Authenticate service we’ve built helps these third parties safely and securely sign into an internal DWP system so they can carry out their work.

This is the story of how we built it.

Starting out with a problem statement

Previously third parties used a historic Government Gateway customer journey to access this DWP system. But as this was closing, our challenge was to build a replacement service which:

  • was fast and easy for users
  • provided a second layer of security, in addition to a password, for access to the DWP system (known as 2-factor authentication)
  • could potentially be re-used by other teams further down the line

The first thing we did was set out a problem statement which really helped to focus our efforts.

We didn’t just want to look at a one-off tactical solution for one system. We needed a strategic, flexible product which was user-centred. We identified a gap in what was available for third party users as a whole and focused on that.

Choice of authentication screen where the users need to choose the way they are going to authenticate themselves, either by text message or the phone app
Screen displaying the choice of authentication

Focusing on our users

We thought of all the things that could go wrong from the perspectives of our users and our different stakeholders. Using scenario planning and stakeholder perspective analysis during implementation really helped us.

We also got creative with our user research and based on this initial body of work, agreed on a number of KPIs with our business stakeholders.

Our main aim was to improve the user experience. Despite building in a 2-factor authentication step, we aimed for users to take, on average, less than a minute to go through the user journey and successfully log in. A lot of hard work had to happen to get to that point!

Facing challenges as a team

On paper, at least, the service couldn’t be simpler. There are only a handful of screens for users to navigate. Firstly, entering a username and password, then the 2-factor authentication and finally additional options for password resets and to sign up.

Integrating this relatively simple footprint with existing legacy systems was the main challenge.

As a newly formed agile team with mixed levels of experience in government, the best way to tackle this was to collaborate and invest a lot of time making sure we understood all this context.

It wasn’t easy at times and when confronted with yet another unexpected technical challenge or problem, thinking of the bigger picture beyond the technology we were building helped us quite a lot.

We kept in mind that DWP Authenticate would improve the efficiency of £500 million of payments made by DWP. These payments are part of an entire support system for thousands of benefit claimants. Our work would indirectly help claimants find a job, or develop their skills to help them into work. That was a great motivator when the going got tough.

Screen displaying the text message authentication box where the user needs to input the authentication code received by text
Text message authentication screen

Reflecting on what we’ve achieved and looking to the future

All our user groups are now operationally using DWP Authenticate. We’ve had some really positive feedback from users, including comments like:

“The whole process has been straightforward and easy to use.”

“All users [from our organisation] have got in with no issues.”

“A lot of our staff prefer the new system as it’s much easier to use.”

But our work is by no means done. We have a programme of work to add new functionality and plans to hopefully re-use the service and plug into other DWP systems so there’s a common way of signing in to all our systems.

As a team we have a real sense of achievement that we successfully built and integrated this service. The most pleasing thing for us is the service just works.

So much of the effort can’t be seen by the user and it’s easy to lose sight of that. It’s as if the swan is gliding gracefully across the lake but you can’t see its feet under the water making it all happen!

We’ve built a lot of identity and trust knowledge in our hub that can be shared and we demonstrated the digital capabilities that exist within the Sheffield region. But more than anything, we’re glad we’ve been able to make things better for our users.

Sharing and comments


  1. Comment by Jonathan posted on

    Great work! Can you link to the repo where this code lives?

  2. Comment by Jenny Murray posted on

    Thanks Jonathan 🙂 I'll DM you on cross gov. slack to chat about this.

  3. Comment by Jenni Bird posted on

    Why build this in the first place? There are plenty of 2FA login systems around, with SSO and SaaS in the private sector, open source modules and a couple of options within government.

  4. Comment by Terence Eden posted on

    This sounds brilliant. Is there a link to the source code?

  5. Comment by Jenny Murray posted on

    Hi Jenni

    Thanks for your question, it’s a valid one to ask!

    In government it’s really important we re-use technology or designs where possible when building digital services. The private sector 2FA examples you mention were not available to us but we built DWP Authenticate using technologies already used within government and specifically DWP.

    Our challenge with this was to build a service that ensured the technology supported the needs of our users, whilst also being robust and scalable to cater for the other systems and use cases we may need to consider in the future.