Sheffield has a proud history as a pioneering city. As part of a Sheffield-based multidisciplinary team we’ve built DWP’s first live-running Identity and Trust digital service, and we like to think we’re following in that trailblazing tradition.
DWP often works with other organisations and companies who help us deliver some of the services we provide for citizens. The DWP Authenticate service we’ve built helps these third parties safely and securely sign into an internal DWP system so they can carry out their work.
This is the story of how we built it.
Starting out with a problem statement
Previously third parties used a historic Government Gateway customer journey to access this DWP system. But as this was closing, our challenge was to build a replacement service which:
- was fast and easy for users
- provided a second layer of security, in addition to a password, for access to the DWP system (known as 2-factor authentication)
- could potentially be re-used by other teams further down the line
The first thing we did was set out a problem statement which really helped to focus our efforts.
We didn’t just want to look at a one-off tactical solution for one system. We needed a strategic, flexible product which was user-centred. We identified a gap in what was available for third party users as a whole and focused on that.
Focusing on our users
We thought of all the things that could go wrong from the perspectives of our users and our different stakeholders. Using scenario planning and stakeholder perspective analysis during implementation really helped us.
We also got creative with our user research and based on this initial body of work, agreed on a number of KPIs with our business stakeholders.
Our main aim was to improve the user experience. Despite building in 2-factor authentication step, we aimed for users to take on average, less than a minute to go through the user journey and successfully log in. A lot of hard work had to happen to get to that point!
Facing challenges as a team
On paper, at least, the service couldn’t be simpler. There are only a handful of screens for users to navigate. Firstly, entering a username and password, then the 2-factor authentication and finally additional options for password resets and to sign up.
Integrating this relatively simple footprint with existing legacy systems was the main challenge.
As a newly formed agile team with mixed levels of experience in government, the best way to tackle this was to collaborate and invest a lot of time making sure we understood all this context.
It wasn’t easy at times and when confronted with yet another unexpected technical challenge or problem, thinking of the bigger picture beyond the technology we were building helped us quite a lot.
We kept in mind that DWP Authenticate would improve the efficiency of £500 million of payments made by DWP. These payments are part of an entire support system for thousands of benefit claimants. Our work would indirectly help claimants find a job, or develop their skills to help them into work. That was a great motivator when the going got tough.
Reflecting on what we’ve achieved and looking to the future
All our user groups are now operationally using DWP Authenticate. We’ve had some really positive feedback from users, including comments like:
“The whole process has been straightforward and easy to use.”
“All users [from our organisation] have got in with no issues.”
“A lot of our staff prefer the new system as it’s much easier to use.”
But our work is by no means done. We have a programme of work to add new functionality and plans to hopefully re-use the service and plug into other DWP systems so there’s a common way of signing in to all our systems.
As a team we have a real sense of achievement that we successfully built and integrated this service. The most pleasing thing for us is the service just works.
So much of the effort can’t be seen by the user and it’s easy to lose sight of that. It’s as if the swan is gliding gracefully across the lake but you can’t see its feet under the water making it all happen!
We’ve built a lot of identity and trust knowledge in our hub that can be shared and we demonstrated the digital capabilities that exist within the Sheffield region. But more than anything, we’re glad we’ve been able to make things better for our users.
Like this blog? Why not subscribe for more blogs like this? Sign up for email updates whenever new content is posted!
Comment by Jonathan posted on
Great work! Can you link to the repo where this code lives?
Comment by Jenny Murray posted on
Thanks Jonathan 🙂 I'll DM you on cross gov. slack to chat about this.
Comment by Jenni Bird posted on
Why build this in the first place? There are plenty of 2FA login systems around, with SSO and SaaS in the private sector, open source modules and a couple of options within government.
Comment by Terence Eden posted on
This sounds brilliant. Is there a link to the source code?
Comment by Jenny Murray posted on
Thanks for your question, it’s a valid one to ask!
In government it’s really important we re-use technology or designs where possible when building digital services. The private sector 2FA examples you mention were not available to us but we built DWP Authenticate using technologies already used within government and specifically DWP.
Our challenge with this was to build a service that ensured the technology supported the needs of our users, whilst also being robust and scalable to cater for the other systems and use cases we may need to consider in the future.