My NS Account Overview - Digital-Platform-Services/My-NS-Account GitHub Wiki

Home

What is My NS Account?

Formerly known as the Nova Scotia Login System, My NS Account is an Identity and Access Management (IAM) system designed to provide individuals with access to Nova Scotian digital services.

My NS Account provides a single, centrally managed credential and identity to users. My NS Account functionality includes:

  • account creation
  • authentication
  • authorization
  • revocation
  • single sign-on
  • global logout
  • profile management

Goals

My NS Account requirements focus on the goal of securely centralizing:

  • Identity and Credential Management;
  • Identity Attribute and Resource Authorization; and
  • Authentication and Single-Sign-on.

One of the key goals of My NS Account is to decouple customer-facing applications from direct dependency on, and communication with, proprietary back-end infrastructure for authenticating Individuals (citizens, non-citizens and Government of Nova Scotia employees) and for storing and sharing personal information across government departments.

My NS Account is based on the core concept of separating Identity and Credential from applications, which allows:

  • An Individual the option to use a My NS Account credential (citizen) or a government managed credential to access multiple digital services;
  • An Individual the ability to centrally manage their credential and identity;
  • The ability for the solution to provide flexibility for future and independent uses for credential and identity; and
  • Relying Parties to have a more consistent integration interface regardless of the underlying credential used by the Individual.

Who uses My NS Account?

The system is currently being used by over 100,000 users (citizen, non-citizen and Nova Scotia provincial employees) who require access to online government services.

Individuals can create a My NS Account username and password to log in, while Nova Scotia Provincial Government and Health employees can use their Active Directory (STS or Health ADFS) credentials.

Identity Verification by Username

Single Sign-on

Single Sign-on Logic Flow Chart

What features can a My NS Account provide Department Applications?

In addition to the core authentication and identity management features, My NS Account has several configurable features that Department Applications (further defined as Relying Parties) can choose from. These features include:

  • role-based access controls;
  • Relying Party (RP) affiliations; and
  • authentication source control (citizen and/or employee).

What changes need to be made in order to integrate with My NS Account?

Relying Parties will need to implement minor front-end changes to their application to allow users to log in to and log out of My NS Account, as well as to access their profile. With respect to required back-end changes, RPs will need to ensure their application is either SAML 2.0 or OIDC compliant, i.e. they must have the ability to send, receive and process SAML or OIDC requests/responses. See our RFP Requirements documentation.

How does your application integrate with My NS Account?

Relying Parties will need to ensure their application is either SAML 2.0 or OIDC 1.0 compliant, i.e. they must have the ability to send, receive and process SAML or OIDC requests/responses. See our RFP Requirements documentation.

What information is provided in the SAML/OIDC messages?

My NS Account will send a SAML or OIDC response message back to Relying Parties after a successful authentication. Included in that message is a configurable set of user attributes including:

  • the user’s name
  • email address
  • a unique identifier/GUID

Applications will also receive logout, revocation and change notification messages.
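An added example, not code from the My NS Account project: how a Relying Party might check the claims of an OIDC ID token and store the attributes listed above, keyed on the unique identifier rather than on the email address. It assumes the token signature was already verified by the RP's OIDC library and that the unique identifier arrives in the standard `sub` claim; the issuer, client ID and sample claims are placeholders.

```python
import time

# Assumptions, not values from the My NS Account documentation:
EXPECTED_ISSUER = "https://idp.example.invalid"  # placeholder issuer
CLIENT_ID = "example-rp-client-id"               # placeholder RP client ID
CLOCK_SKEW = 60                                  # tolerated clock drift, seconds


class ClaimError(Exception):
    """Raised when an ID token claim fails a check."""


def validate_claims(claims, expected_nonce, now=None):
    """Check claims of an ID token whose signature is already verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ClaimError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise ClaimError("token was not issued for this Relying Party")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + CLOCK_SKEW < now:
        raise ClaimError("token expired or exp missing")
    # The nonce ties the response to the login request this RP started.
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise ClaimError("nonce mismatch")
    if not claims.get("sub"):
        raise ClaimError("missing unique identifier")
    return claims


def upsert_user(users, claims):
    """Key the local record on the unique identifier; name and email
    are profile attributes that the user can change later."""
    record = users.setdefault(claims["sub"], {})
    record["name"] = claims.get("name")
    record["email"] = claims.get("email")
    return record


# Constructed sample claims for illustration only.
SAMPLE_CLAIMS = {
    "iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "exp": 1_700_000_300,
    "nonce": "n-123", "sub": "3f1c9a52-0000-4000-8000-000000000001",
    "name": "Pat Example", "email": "pat@example.invalid",
}
```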

What types of applications can be integrated with My NS Account?

Any web or mobile application that has access to the internet can be integrated with My NS Account.

What if it is necessary to keep existing users’ accounts?

While the migration process will vary between RPs, the DPS team will work with any new RP to create a unique, automated user migration process to ensure historic user accounts are not lost when the service is connected to My NS Account.

What other Services are provided with My NS Account?

As part of the managed service, My NS Account provides:

  • a bilingual customer-facing (Tier 1) Service Desk, 8AM – 8PM AT Monday to Friday, to provide end user support
  • online self-serve options
  • group membership management

High Level Overview

My NS Account is architected to rely on industry-leading technologies that meet and exceed the requirements defined by the Province of Nova Scotia's Digital Platform Services (DPS) team. The architecture has been influenced by relevant Canadian standards such as: