Monday, April 4, 2011

The Australian Government and SSO, Part 2: Electric Boogaloo. is the Australian government’s attempt at single sign-on (SSO) for citizens. According to, “Dealing with the Australian Government online just got easier, with a single account to sign on to multiple agencies.” Sound familiar?

Let’s make a ID and see if it lives up to the claim!

The signup process: the signup process is convoluted. Step 1 involves agreeing to terms and conditions which is reasonable. Step 2 and 3 involve picking a password and secret questions. Just wait…why are we picking a password before picking a username? Why are we doing this before even entering our names? It’s like an SSO version of Jeopardy where you enter the password first. After completing the signup, you are assigned a username that starts with two letters and followed by six digits. - final step of signup process
What an easy to remember username! (Don’t worry, I changed it before taking a screenshot)

Connecting your identity with other agencies: buried in the My Accounts section is a Manage Agency Links page that allows you to use your ID with the other government agencies. At the time of writing, there are only three: the Child Support Agency, Centrelink and Medicare Australia. - manage agency links screen

If you choose to link your ID with these agencies, you are prompted to enter your already existing username and password for those sites. - linking a CSA - linking a Centrelink account - linking your Medicare account

The screens prompting you to link your accounts.

It’s important to note that you can only link already existing agency accounts. You must create accounts individually at each government agencies before you can link them together with your, which defeats the purpose of single sign-on.

Once you’ve connected a pre-existing agency account, a link to the agency appears in your My Account section. To test, I’ve linked my existing Medicare Online Services account. A link now appears to Medicare Australia.


Clicking on this link gives me a…


…an error message saying “A SAML error has occurred.” That’s not good! As I am not a customer of the other agencies, I am unable to test the linking feature.

Password management: a minimum password complexity applies to IDs. With a single identity, it is important to allow strong passwords which make use of special characters. Unfortunately, some special characters are disallowed.

Other observations: if you forget your username, you are locked out of the service. There is no username recovery process. To change your secret questions, you need to answer a secret question. If you’ve forgotten the answer, you’re unable to change it. You are also unable to login, because you need to answer your secret question with each login.

Verdict: The inability to retrieve a lost username is a showstopper: it is not unreasonable for people to forget their username, especially if they can’t pick it and it consists of random characters and numbers. The same goes with secret questions. While other companies like Facebook, Google and Microsoft are implementing worldwide SSO systems with ease, the Australian Government are reinventing the SSO mistakes of 2006. is another disappointing attempt at SSO by the Australian Government, and I have no reason to believe it will improve any time soon.

No comments:

Post a Comment