Authentication services: enabling secure online access

The Department of Finance Archive

The content on this page and other Finance archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.

I’m writing this blog post for members of the Australian Public Service, particularly those responsible for authentication services in their agencies. I want to make sure you are aware of the Government’s policy that authentication services are to be provided by a nominated set of lead agencies. 

Authentication services are used to enable secure access to online services. They typically use approaches ranging from a PIN and password through to more complex measures such as digital certificates. All Financial Management Accountability (FMA) Act agencies are required to use lead agency services in place of investing in their own authentication capabilities. The only exemptions are authentication for e-health and the Department of Defence, both of which have their own particular business needs. The lead agency model does not apply to government employee authentication because it also involves physical access considerations.

The purpose of the lead agency policy for authentication services is to minimise the number of authentication credentials required to access government and to maximise value from existing investments in authentication services. In other words, it aims to make access easier and government more efficient.

Lead agency authentication services cover access for individuals to government, business to government and government to government transactions. The three lead agencies are the Department of Human Services for individuals, the Australian Taxation Office and the Department of Innovation, Industry, Science and Research for business, and also for government to government transactions. An Authentication Governance Committee (AGC) monitors and manages the performance of the lead agency model. The AGC reports to the Secretaries’ ICT Board. Details about how agencies can access lead agency services are available on the Finance website.

Agencies that have a business case to invest in their own authentication capability will need to formally seek exemption through the opt-out process. Queries and comments about the lead agency model can be lodged at


Last updated: 28 July 2016