On this page

Purpose

Step 3 is about the Digital ID onboarding process and will require you to contact the Office of the System Administrator (OSA) at Services Australia and the Digital ID Regulator at the Australian Competition and Consumer Commission (ACCC). 

This step aims to help you:

  • set up your ICT delivery teams to align system architecture and operational workflows with recognised Digital ID standards and requirements
  • begin the regulatory process by applying to participate.

Please note: this step requires technical expertise from your agency's ICT delivery team.

Action 1: Register your interest

Before participating as a relying party in the Australian Government Digital ID System (AGDIS), the system requires your agency to register its interest to test and apply to participate. 

You can do this on behalf of your agency by completing the registration of interest form on the Digital ID system website. 

Once submitted, the OSA will contact you to provide you with further information and advise of the next steps. The OSA will continue to assist you throughout the onboarding journey and provide an overview of what to expect when joining the AGDIS.

You will also need to contact the Digital ID Regulator at the ACCC by emailing DigitalIDRegulator@accc.gov.au to inform them of your intent to apply as a participating relying party and to receive the details of the submission process.

Action 2: Apply to participate

Read through the Guidance materials for AGDIS participants and complete the ‘for approval’ form on the Digital ID regulator forms page.  

There are regulator forms and declarations that need to be completed accurately as part of the application pack for assessment. Your agency and its service/s you seek to provide within the AGDIS will be assessed against the Digital ID compliance obligations in the Digital ID Act 2024, the Digital ID Rules and the Digital ID AGDIS Data Standards.  

Please note that approval to participate/add an additional service can be assessed in parallel to testing with the OSA.

Once submitted, The Digital ID Regulator will assess your organisation's application as promptly as possible. The timeframe may vary depending on the complexity of the application, the completeness of the documentation provided and the volume of other applications under review. As a general estimate, the assessment typically takes a minimum of 8-10 weeks from receipt of a complete application.

Conditions and restrictions

At this point you will need to highlight any conditions around restricted attributes or other conditions that need to be sought. This includes requests and justifications for voluntariness exceptions if required. Please read the guidance on the obligations of approved entities and voluntariness obligations.  

Relationship Authorisation Manager (RAM)

RAM ensures that the right people have the right access to the right services on behalf of a business. If you require individuals from within another organisation to access your systems or services, then you may need to look at setting up RAM. If your organisation is using the RAM, the OSA will also provide your details to the Australian Taxation Office (ATO) for this process. Please visit the RAM website for more information or contact the RAM customer service team.

RAM onboarding should happen in tandem with onboarding into the AGDIS. It can be done after AGDIS onboarding, but this may cause delays and re-work by the Services Australia Identity Exchange to add the RAM configuration. It can also double as a testing requirements for the participating relying parties and test account creations for myID/RAM.

Please contact the OSA to discuss the process for onboarding to RAM.

Action 3: Preparing for technical onboarding

There are specific technical configurations and testing requirements for services and systems onboarding into the AGDIS. Services and systems must first establish a connection in the non-production test environment. Services can move to the AGDIS production environment once testing is complete and the Digital ID Regulator has approved your application.  

The OSA will provide the following documentation in their technical integration guide:

  • Digital ID Exchange Relying Party Technical Integration Guide  
  • OAuth 2.0 Authorization Framework [RFC6749]  
  • OAuth 2.0 Bearer Token Usage [RFC6750]  
  • OpenID Connect specification  
  • Digital ID AGDIS Data Standards  

On this page

Action 4: Onboarding to the non-production test environment

Once the ICT solution meets the requirements detailed in the documents outlined in Action 3, submit the "AGDIS Configuration Details – Test environment" document to the OSA (this document will be provided to you by the OSA).

This will begin the process of onboarding your service into the AGDIS Identity Exchange’s non-production test environment, hosted at Services Australia, to undergo initial testing. 

A minimum of 4 weeks’ notice is required to schedule deployment into the non-production test environment by the Identity Exchange and Relationship Authorisation Manager (RAM).  

What will happen next

Your organisation, the OSA and the Services Australia Identity Exchange team will need to work together. The OSA will provide the Services Australia Exchange team with the "AGDIS Configuration Details – Test Environment" form to review and record the necessary details, which can take up to 2 weeks.  

Once all details are confirmed, the Services Australia Identity Exchange team will set up your organisation and users in the AGDIS Administrator Portal. By doing this, a client identifier (Key identifier) will be generated and sent to the relevant ICT team in your agency to test authentication requests. 

The OSA uses the AGDIS Administrator Portal to communicate important information such as IT system incidents and changes. When you complete the configuration form, you will also need to provide your agency's ICT personnel contact details so the OSA can add approved users.  

Your service will be deployed in the non-production test environment and can begin testing:  

  • compliance and security testing  
  • connectivity testing  
  • user experience testing  
  • integration testing  
  • production release planning and execution.  

Deployment into the non-production test environment can take up to 12 weeks to complete.  

Recommendation

When your agency is scheduled to deploy into the non-production test environment, we recommend that you concurrently prepare your agency's application to the Digital ID Regulator. However, how your agency chooses to proceed with Steps 3 and 4 (concurrent testing or separate stages) will not impact how the Digital ID Regulator assesses your application.  

Action 5: Pre-deployment

To begin the process for deployment into the AGDIS production environment, your agency must complete and submit the "AGDIS Configuration Details – AGDIS environment" form and the "Pre-Deployment Checklist" to the OSA. These documents will be provided by the OSA when required.

Action 6: Prepares ICT risk assessments and plans for participation in the AGDIS  

Each relying party is required to prepare the following:  

  • written procedures for notifying the System Administrator promptly of both planned and unplanned outages that may affect AGDIS operations
  • cyber security management plan, including a risk assessment
  • Digital ID fraud management plan, including a risk assessment
  • disaster recovery and business continuity plan.

After preparation, this documentation requires written approval from the CISO, CTO, or equivalent authority.  

Please note: rather than creating new standalone documents, you can adapt existing internal ICT risk assessments and plans to include Digital ID specific sections.

All prospective Participating Relying Parties (PRP) must complete the Fit and Proper Person Declarations for associated persons. The following supporting evidence is required:  

  • a current organisation chart showing all associated persons and their relationships  
  • for bodies corporate: a corporate structure chart identifying the organisation, associates and associated entities
  • signed declaration forms from each associated person.  

Outcomes

After completing the above actions, your agency will have:

  • aligned your system architecture and operational workflows with recognised Digital ID standards and requirements
  • gained an understanding of what needs to be done to complete the regulatory process required to apply to participate
  • initiated working relationships with the OSA and ACCC.

Getting support or providing feedback

If you need support with the above actions, you can contact: 

  • the OSA for technical ICT related questions (the OSA will provide you with contact information once it has processed your agency's Registration of Interest or you can email AGDIS.Administrator@ServicesAustralia.gov.au)
  • the ACCC for regulatory and approval questions

To provide feedback on this step, please contact us

The Department of Finance acknowledges the Traditional Owners and Custodians throughout Australia and their continuing connection to land, water and community.