Identity principles

Section 4: Scalability

Last reviewed
8 June 2026

15. Consider and support access from multiple platforms

Systems must support strategic authentication from all platforms used to access them.

Why this is important

Modern systems, both COTS and in-house developed, require access from a range of device types (for example, laptop, phone, tablet) and use-cases (for example, internal, supplier, citizen) which will utilise different methods of access.

The system must support a consistent identity and authentication method, regardless of how it is accessed and by whom.

How to do this

You should:

  • evaluate the access requirements of personas and devices as part of the discovery phase

  • ensure that access methods and use-cases are included in selection criteria for COTS products

  • develop systems which support the required use-cases and access methods

  • not align to internally focussed authentication services (Active Directory) if the system is intended to be used outside of DfE by third party users

16. Design the access model for growth

Systems must provide the ability to extend the access model for additional access and use-cases without re-architecting.

Why this is important

Systems may start with a small user community with simple access requirements. This will inevitably grow to accommodate more users with potentially more complex access requirements to segregate roles and data held within.

The business case for the relevant system should include details of the end-state, including the potential scale and use. This should be reflected not just in the application and system architecture, but also in the access model, to ensure that it remains fit for purpose in the future.

How to do this

You should:

  • ensure the full scope of the system is understood and captured within the system design and as part of the selection criteria

  • ensure that the access model is granular where required to support future expansion of the service to accommodate additional users, use-cases and data separation

17. Ensure access model can support multiple domains and organisations

Systems must provide the ability to enable and control access across diverse user types and organisations.

Why this is important

Consumers of DfE’s systems are located across multiple organisations, both internally and externally. Systems providing services must therefore support the ability to recognise different user types and to manage access appropriately. This can be done by segregating access logically within the applications and/or the data stores used by the system.

How to do this

You should:

  • ensure the architecture of the selected or developed system supports logical separation at a sufficiently robust level for the data held within

  • ensure the access model within the system can leverage attributes held within the Identity Management platform. This will enable it to make access decisions based upon a minimum of organisation and user role
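
One way to express an access decision based on organisation and user role, as an added example that is not DfE code. The claim names `org` and `roles`, the role and action names, and the record layout are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy: role -> actions it permits. Role and action names are
# assumptions for illustration, not taken from any identity platform.
ROLE_ACTIONS = {
    "reader": {"read"},
    "editor": {"read", "update"},
    "org-admin": {"read", "update", "delete"},
}

@dataclass(frozen=True)
class Record:
    record_id: str
    owner_org: str  # organisation the data belongs to (logical separation key)

def decide(claims: dict, action: str, record: Record) -> tuple[bool, str]:
    """Return (allowed, reason). Deny unless organisation AND role both permit."""
    org = claims.get("org")
    roles = claims.get("roles")
    # Fail closed when the minimum attributes were not supplied.
    if not isinstance(org, str) or not org:
        return False, "missing organisation attribute"
    if not isinstance(roles, (list, tuple, set)) or not roles:
        return False, "missing role attribute"
    # Organisation check first: a role never grants access across organisations.
    if org != record.owner_org:
        return False, "organisation mismatch"
    # Unknown roles contribute no permissions, so new roles are added explicitly
    # to ROLE_ACTIONS as the service grows rather than by changing this function.
    permitted: set[str] = set()
    for role in roles:
        if isinstance(role, str):
            permitted |= ROLE_ACTIONS.get(role, set())
    if action not in permitted:
        return False, "role does not permit action"
    return True, "allowed"

if __name__ == "__main__":
    rec = Record("r-1", "school-a")  # constructed sample record
    samples = [  # constructed sample claims
        ({"org": "school-a", "roles": ["editor"]}, "update"),
        ({"org": "supplier-b", "roles": ["org-admin"]}, "read"),
        ({"roles": ["org-admin"]}, "read"),
    ]
    for claims, action in samples:
        print(claims, action, decide(claims, action, rec))
```

Every denial carries a reason string, so the decision can be logged and reviewed when access is refused.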