Skip to main content

https://gds.blog.gov.uk/2021/09/08/how-will-the-new-single-sign-on-and-a-gov-uk-account-work-together/

How will the new single sign-on and a GOV.UK Account work together?

Person at a desk viewing a presentation on a laptop. Presentation screen is titled ‘One key for all your services’. Illustration on the slide shows 12 government department logos on the left with arrows pointing to three mobile screens on the right which demonstrate a mock user journey of logging-in to an online government account.

At GDS, our mission is to build a simple, joined-up and personalised experience of government for everyone. Over the last few months we've written about our work on a GOV.UK account, and a new single sign-on and digital identity solution. Today I want to talk about the strategy underpinning these initiatives, and how the systems are going to work together.

The principle of least astonishment

The GDS mission says we are here to make government simple. It's easy to say, but what do we really mean by that word, "simple"?

One approach to simplicity is to say: we want to surprise our users as little as possible. When they click a button, it should do what they expected it to do, not something completely out of the ordinary. This idea is sometimes called the principle of least astonishment.

Almost all successful digital organisations offer a single way to sign in across all their products. Your BBC account works for Weather and iPlayer, your Amazon account works for both shopping and video streaming, and your bank app lets you view both your current account and your mortgage. You could reasonably ask, why don’t government services work this way? Why are there well over a hundred different ways to sign in?

There are two reasons. One is about the public sector technology estate, the other is about GDS itself.

The challenge of steering flotillas

One of the reasons things don't work that way is that GOV.UK, while it appears to be one thing, is really assembled from hundreds of different products run by hundreds of different teams. The UK government has one of the most distributed technology estates of any organisation in the world. This is a tremendous strength, because it allows digital products to be built by the people closest to their users.

The drawback to this federated model is that all those different systems sometimes have to find different ways of doing the same thing. GDS has long championed an approach to this challenge known as Government as a Platform, where common components are built once and used by multiple services. This improves user experiences, drives down costs and makes service operations more efficient. GOV.UK Pay and GOV.UK Notify are two great examples.

So, to make ‘signing into GOV.UK’ work the same way across the whole site, we have to create a set of common systems so good that all these hundreds of teams want to use them. That's where the new single sign-on and identity checking solution come in. Think of them like new additions to the toolkit for building great government services (which today already includes GDS services, as well as great APIs offered by the likes of HMRC and DVLA among many others).

That's why we work so closely with people across government at all levels to guarantee that what's built works for both sets of users: users of government and teams in government.

Beyond one-size-fits-all

I said that there were two reasons why signing in to government services on GOV.UK doesn't always work as a user might expect. We've covered the first one, which is that government's distributed technology estate (a good thing) can end up with the same problem being solved in many different ways.

The second reason is that much of GOV.UK was never built with the expectation that people would sign in to it. If you forget for a second about the hundreds of services attached to it, the core of GOV.UK is an information-based website with about half a million content pages. If a user looks at one of those pages, the next user visiting that page will see the same thing. That might sound obvious, but it's very different to, say, the Spotify homepage, which will look quite different from one user to the next, based on personal preferences and previous usage.

The current one-size-fits-all approach has worked beautifully for years, and will always be the main way GOV.UK works. It's one of the things that helps keep GOV.UK loading super fast for millions of people every day. And if you just want to find out some information, it works great. For that reason, GOV.UK expects users will sign-in to access services (like Universal Credit, or Personal Tax Account) when needed, but it doesn't have a concept of users being signed in to the whole GOV.UK experience.

Until now, that is. The GOV.UK Account introduces, for the first time, the idea of being logged-in to GOV.UK itself – not just an individual service, but the whole website and all the services on it.

Personalised and proactive

This simple and powerful idea introduces a host of opportunities, many of which the GOV.UK Account team have already written about. Logging in to GOV.UK will let users bring together the information and services most relevant to them, and make it easier to keep track of what they're doing with different parts of government. A GOV.UK Account could, with permission, suggest what services a person might need next, show them services they're eligible for, and even notify them when policy changes affect them.

This gets to the heart of how the single sign-on and the GOV.UK Account work together: the single sign-on will provide an easy way for users to sign in from any part of GOV.UK, then the account will make the experience of GOV.UK better for those who are signed in.

Two illustrations separated by a dotted line showing how the user may experience the GOV.UK Account and single sign-on on a mobile device. The top illustration has five ‘screens’ with arrows between each pointing to the right to show the flow. The first ‘screen’ depicts a search engine and is labeled ‘search’. The second screen shows a mock GOV.UK web page titled ‘Request a basic DBS check’, labelled ‘government service’. The third screen is a GOV.UK web page titled ‘Sign in with your GOV.UK account’ and features two boxes, one to input an email address and and the other a password, as well as a button to sign in. This ‘screen’ is labelled ‘single sign-on. The forth ‘screen’ is a GOV.UK page titled ‘Prove your identity’ and features three options for identity documents, and a ‘continue’ button. This page is labelled ‘Identity Check’. The final ‘screen’ is agov.uk page with a green box that reads ‘Application complete’, labelled ‘government service’. The second illustration below features four ‘screens’ with arrows between each pointing right. The first is a mock GOV.UK homepage which reads ‘Welcome to GOV.UK’ and is labelled ‘GOV.UK’. The second ‘screen’ is a GOV.UK page page titled ‘Sign in with your GOV.UK account’ and features two boxes, one to input an email address and another for a password, as well as a button to sign in. The third ‘screen’ is titled ‘GOV.UK Account’ and featured three boxed options; Universal Credit, Request a DBS check, and Vehicle tax. This page is labelled ‘GOV.UK Account’. The fourth and final ‘screen’ is a GOV.UK page titled ‘Universal Credit’ with a blue box with £556 written in it. This page is labelled ‘Government service’.
This is a high-level sketch illustrating how users may experience the features of the GOV.UK Account and single sign-on system. The top illustration demonstrates the journey a user may take to access a government service via a search engine, and the bottom illustration shows a user journey with GOV.UK as the starting point.

Signing in will work the exact same way whether people sign in to fill in their passenger information, pay the Dart charge, or to subscribe to content updates on GOV.UK. If they've already signed into any other government service, there will be no need to sign in again. And while they're signed in, they'll have access to features on GOV.UK that provide more convenient access to services they use frequently.

Meanwhile, as Lead Product Manager Will Myddleton put it in a recent episode of the GDS Podcast, government teams will be able to spend "their budgets and their time and their human creativity solving the problems that are unique to their service." Users of government services will have fewer passwords to manage, and fewer systems to work out. And, for those who want it, there'll be a personalised experience of GOV.UK that goes beyond one-size-fits-all.

In one sense, it's transformative to how government services work today. In another, it's just… the least astonishing thing.

The team developing the single sign-on and identity checking solution are inviting service teams to take part in ongoing research and becoming early adopters of the new government solution. Visit the product page to find out more and register your interest in collaborating with the team.

Sharing and comments

Share this page

7 comments

  1. Comment by Newton Christian Okorogheye posted on

    THAT IS AWESOME, KEEP IT UP.

    Reply
  2. Comment by Hugh posted on

    Will there be different levels of gov.uk sign in?

    For example I would expect a less secure log on to pay a Dart charge as opposed to completing a tax self-assessment.

    Reply
    • Replies to Hugh>

      Comment by The GDS Team posted on

      Hi Hugh,

      There will be different levels of identity checks depending on the service you are looking to use. These levels will be agreed with the service themselves.

      Thanks,
      The GDS Team

      Reply
  3. Comment by Simon posted on

    Is this the right time to do this with scepticism over vaccine passports and national I.d cards....

    Reply
    • Replies to Simon>

      Comment by The GDS Team posted on

      Hi Simon,

      We understand the comparison but we are not building a national ID or similar scheme. What we are trying to build is closer to having an online login for your bank account, which enables access to all the bank’s services, rather than having to create separate accounts to apply for a loan, credit card or other service a bank might provide.

      We have heard consistently from users that having numerous logins to access government services is confusing, time-consuming and frustrating - we want to simplify this and make it easier for users to access government services. We have learnt a lot from previous attempts and the last 18 months has shown us how much this facility is needed by government and our users. This is about fast, simple and secure access to services for our users. And if you don’t want to have an account, you still don’t have to have one.

      Thanks,
      The GDS Team

      Reply
  4. Comment by Not Telling posted on

    As a British citizen, I frankly don't *want* a centralised government SSO. I'm deeply skeptical of the state, do not like giving out my personal details *at all* and if anything appreciated that each form asked the same thing anew as it made me think that the information was being stored in a compartmentalised fashion. Frankly, I guess I find the chaos and fiefdoms reassuring, beyond anything else.

    Reply
    • Replies to Not Telling>

      Comment by The GDS Team posted on

      Hi,

      We understand your perspective and that there are other citizens who will feel the same way. That is why we are taking a consent-based approach to make sure users of online government services remain in control of their personal information.

      Our aim is to give users choice over whether to save their personal details in an account for greater convenience, or to provide their details every time, as they prefer. Users will also be able to see which details they’ve shared, when, and with whom in their GOV.UK Account and manage these permissions over time.

      Thanks,
      The GDS Team

      Reply

Leave a comment

We only ask for your email address so we know you're a real person

By submitting a comment you understand it may be published on this public website. Please read our privacy notice to see how the GOV.UK blogging platform handles your information.