Create a configuration for each service you’re integrating
GOV.UK One Login is an OpenID Connect (OIDC) provider. An OIDC ‘relying party’ is a client application that outsources its user authentication function to an identity provider, which in this instance is GOV.UK One Login.
To interact with GOV.UK One Login, you must first register each of your services with GOV.UK One Login. You need to do this for each of the services that you want to integrate with GOV.UK One Login.
Understanding the client identifier
The client identifier is a unique value GOV.UK One Login requires to identify your services. GOV.UK One Login generates the client identifier for each of your services, when you register your service with GOV.UK One Login. GOV.UK One Login uses the client identifier to:
- retrieve configurations
- audit events
- capture performance analytics
- perform fraud prevention and data sharing
Why you should use a specific configuration for each service
You must use individual configurations for each of your services to get the following benefits:
- service specific reports with information about success rates and volumes
- protection for each service if another service has an outage - your other services will not be affected
- effective monitoring and detection of fraudulent activity
- better help for your users because the support team will have more detailed information on user activity
If you do not use individual configurations for each of your services, GOV.UK One Login cannot:
- monitor or detect fraudulent activities as effectively
- give you service specific analytics - we cannot generate this retrospectively if you later switch to individual configurations
- provide your users with a simpler and more personalised user journey
Organisations with multiple services may have additional requirements such as:
- sharing users across services - to enable this, set up a common sector identifier
- users that want to switch between services - to support users switching between services, your service must call the
/authorize
endpoint each time a user requests access to a new service
Once you have chosen which attributes your service can request, you can set up your service’s configuration with GOV.UK One Login.