IdentIT and ForgeRock enable tomorrow’s authentication needs for the Belgian Federal Authentication Service
A well-defined mission of FOD BOSA (Beleid & Ondersteuning – Stratégie & Appui) is the support of federal organizations in the digitization of public administration. An important aspect of this digitization is to provide a central identity provider, namely the Federal Authentication Service (FAS). The purpose of the Federal Authentication Service is to authenticate and authorize individuals and organizations. There are currently more than 2000 government applications connected to the Federal Authentication Service.
The Federal Authentication Service supports multiple authentication methods (keys) so that each citizen can identify themselves on the connected government applications in a secure and user-friendly way
To guarantee different levels of security, the connected applications ask for a Level of Assurance in their authentication request so the user can only authenticate with a strong authentication method.
For example, on the Tax-on-web application one can only authenticate with eID, ItsMe®, and three-second factor authentication methods including TOTP, e-mail OTP, and the federal token. Applications containing less sensitive data can choose to allow username and password without a second factor.
By providing multiple authentication methods, we ensure that it is simple yet safe for citizens to identify themselves onto
government applications. Non-Belgian European citizens can in turn use eIDAS to authenticate themselves securely, to access Belgian government applications.
The Challenges
IdentIT’s mission and challenge at BOSA are to respond to the growing demand in users, the number of logins, and the explosion in government applications. To give you an example regarding the growth of the platform; In 2012, BOSA had 2 million active users; today, this has already doubled to 4 million active users.
Ensuring the security and optimizing the user-friendliness of the platform at all times, in addition to answering the growing demand, are the main challenges of this project.
The Solution
To meet the growing demand in users, to guarantee security, and to optimize user-friendliness, IdentIT is working on the following in collaboration with BOSA:
General maintenance of the Federal Authentication Service (FAS)
Like all technologies, the FAS needs general maintenance and updates to remain relevant, up-to-date, and secure. This includes the management of all functional and technical components of the system as a trusted partner of BOSA.
The underlying technology includes the ForgeRock Identity Stack – ForgeRock Access Manager – to ensure a solid yet future-proof central Identity Provider.
Facilitate the increasing use of the FAS
Partly as a result of the covid-19 crisis and the associated applications for compensation yet the increase in teleworking, the number of authentications via the Federal Authentication Service is approaching five hundred million in 2020. Monitoring the performance and tuning of the central IDP accordingly is crucial to guarantee access to government applications.
Elaboration of the long-term vision and strategy
Access Management is constantly in motion and the way of authenticating/identifying users changes often. For this purpose, proofs-of-concept are always proposed, worked out, and analyzed. These continuous improvements guarantee the platform to be ready to meet new authentication standards. This long-term vision and strategy are converted into a clear and transparent roadmap in which IdentIT plays an important role.
Connecting government applications
Times change as well as protocols. Previously, government applications could only use the SAML protocol to integrate with the FAS. Partly due to the exponential growth of mobile government applications, the FAS has been supporting the OpenID Connect protocol for two years now.
Not only mobile applications enjoy the convenience of OpenID Connect, as a developer it is easier to support OpenID Connect than SAML 2.0.
Integration with ItsMe
IdentIT also actively participates in the development and integration of ItsMe® on the FAS platform. ItsMe® is an application that allows you to demonstrate your identity in a secure, easy and reliable way.
The use of ItsMe® continues to grow enormously. Most users prefer ItsMe® over eID because the process does not require external factors such as a card reader or an identity card. It’s a more user-friendly, faster and easier way to identify yourself and as a result, gain access to the desired government application.
About Forgerock
ForgeRock® is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, and things.Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy & consent, and leverage the internet of things.
ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities
worldwide.
Partners & products
ForgeRock, our partner with whom we have worked closely for many years, has an intelligent access engine perfectly designed to enable tomorrow’s authentication needs.
By leveraging a Zero Trust and Continuous Adaptive Risk and Trust Assessment (CARTA) identity orchestration framework, you can strike a balance between security and user choice, delivering a more secure and meaningful experience across all digital touchpoints for all users, anytime, and anywhere.