Data Center

2022 Tech Trends: States Eye ID and Access Management to Serve Citizens Online

Ohio’s single sign-on application demonstrates how governments can make the user experience easier.

Mickey McCarter is the senior editor of StateTech Magazine.

It was all the buzz at the annual gathering of the National Association of State Chief Information Officers this year: Every state seemed excited to implement an identity and access management program.

At the moment, Ohio administers perhaps the most mature state IAM program in the nation. Through the state's OH|ID application, Ohio residents can interact with a number of state agencies through a single sign-on that authenticates users and maintains personal information across multiple transactions, including the recent addition of applying for unemployment benefits.

"What we've done is we've blended the proper user experience into identity and access management to make that a frictionless experience when dealing with your account, which can be difficult for some citizens," Neal Gallucci, technical administrator for the Innovate Ohio Platform, tells StateTech.

Adds Brett Adamik, Innovate Ohio’s identity service manager, "We offer single sign-on, and we get self-service functionalities that apply to all of these different user journeys. If you have an account with one agency, that account will then transfer over to another agency. If you have to recover your password or any administrative task, it's all self-service, it's all easy to use and it's all secure."

Implementation of state identity, access and credentialing programs have strong momentum going into the new year, says Eric Sweden, enterprise architecture and governance program director for NASCIO.

“Many states are working on a single identity, or super identity, that ties to all the relevant credentials, licenses and other views of the citizen,” Sweden says.

Click the banner below to access all of our Tech Trends 2022 coverage.

Identity Management Requires Interagency Cooperation

“States will need to put in place the necessary capabilities to create and manage these super identities and the various credentials managed under that super identity,” Sweden says.

“Challenges to any governance, operations and technology include the need to continually maintain the level of technology investment. These challenges will be different in centralized versus federated organizations. No matter what the organizational model, governance must include all affected stakeholders.”

Ohio established the Innovate Ohio initiative to foster technological innovation that would ease citizen interaction with the government. Through the OH|ID IAM application, state residents eventually will be able to apply for all state licenses, pay fees and apply for benefits. The Ohio Department of Administrative Services, which serves as the technology clearinghouse for Innovate Ohio, works with other agencies to integrate programs to OH|ID.

Click the banner below to get access to a customized digital government content experience.

Most recently, Ohio DAS teamed with the Ohio Department of Job and Family Services to integrate OH|ID into the state’s unemployment insurance system, Gallucci says. The integration went live in November, and it took an all-hands-on-deck collaborative approach to accomplish it.

“We’ve implemented quite a few cutting-edge technologies with unemployment insurance specifically,” Gallucci says. “You now have to go through an identity proofing process. You go through multifactor authentication. There's adaptive access that happens behind the scenes. If you're coming from a known malicious IP, you just get blocked, and some other things happen in the background. There are a lot of things we are doing that are unusual for a government agency. They are more like things a bank would do.”

Adamik adds, “The other interesting thing about the way we implemented unemployment insurance is, depending on how you deal with that identity proofing, you actually see a different user experience. Just because you fail or did poorly on the identity quiz doesn't mean that you automatically get kicked out of the system. The agency decided early in the process that we still want you to be able to put in this unemployment claim. How do we address that? Basically, we take different actions depending on a minimum level of assurance.”

This allows the unemployment manual adjudication process to continue to work in rhythm with an enterprise identify proofing system.

Click here for additional insights from CDW on identity and access management.

Successful Agencies Prioritize Change Management Over Technology

Although Innovate Ohio has strong vendor partners with Deloitte Consulting, Amazon Web Services and IBM, the initiative is not about dropping technological solutions into the system to resolve challenges, Gallucci emphasizes.

“What we did differently is we focused on and invested in the user experience, the journey, how people are interacting with the state. Then we focused on change management and used that as a primary anchor to implement our technical solutions. Because at the end of the day, change is hard,” Gallucci says.

Alan Shark, executive director of the Public Technology Institute, agrees that an emphasis on change management over specific technology products pays dividends for a state IAM implementation.

“It’s an issue of finding the resources to do it and finding the ability for management to actually fund it, because some people continue with the idea of, if it works, don't fix it; if it’s doing its job, there are other priorities,” Shark says. “That’s unfortunate. This is where officials have to make a better argument for the benefits of change and why this integration is good for the public.”

He adds, “There’s greater emphasis today on IAM than ever before because now we’re asking the public to do more online business with government at all levels. Making it easier so that you don’t need separate identities is a no brainer.”

Ohio strives to “reduce barriers to entry through change management,” Gallucci says. The state studied how people interact with applications and mapped their user journeys. It then pursued strong change management and communication to ensure the success of implementing a single sign-on application.

“Those are the things that need to be accomplished in order to innovate, not the underlying technical solution,” Gallucci says. “You need it. You need some technical visionary minds to understand what to do and how to do it, but implementation and delivery are the key points.”

Illustration by Jacey