Identity principles

Section 1: Support defragmentation

Last reviewed
8 June 2026

1. Align to a strategic authentication service

All systems must integrate with a strategic authentication service.

Why this is important

By aligning with a strategic authentication service, we simplify the end-user experience by re-using the same identity to authenticate to multiple services. Security is improved by centralising access records and managing and maintaining a single identity point.

Formal patterns, with further information on adopting standard services, are currently being developed. In lieu of the formal patterns, high-level alignment to shared services is shown below:

How to do this

You should:

  • review strategic patterns for authentication services

  • ensure that new COTS (Commercial Off-The-Shelf) capabilities support integration into strategic authentication services

  • develop using approved platforms and languages which support integration into strategic authentication services

  • update existing capabilities to integrate into strategic authentication services

  • retire capabilities which cannot support integration into strategic authentication services

2. Support an approved authentication method

Systems must utilise modern and secure authentication protocols which are replay-resistant.

Why this is important

Modern authentication protocols provide greater levels of security against common attacks and malicious activity and are supported by the strategic authentication providers.

Legacy protocols are prone to common attacks which can lead to system compromise and data loss. Ongoing use of legacy protocols will create a dependency on legacy authentication providers, and/or weaken security due to retaining support for legacy protocols.

How to do this

You should:

  • review strategic patterns for authentication methods

  • ensure that authentication methods are included in selection criteria for COTS products

  • develop using approved platforms and languages which support integration into strategic authentication services

  • update existing capabilities to integrate into strategic authentication services

  • retire capabilities which cannot support integration into strategic authentication services (as mentioned in section 1 above)