Replacing a National Identity and Access Management System
The challenge
A large public sector organisation running one of the UK’s most critical identity platforms needed to replace a decade-old user registration and access management system. The incumbent was written in Java, considered difficult to change, and was falling out of alignment with the organisation’s security strategy. The service controlled role-based access for over one million user accounts across the country, with approximately 450,000 authentication events per day and around 25,000 new user registrations every month. It could not fail.
What we did
Aire Logic was brought in at the discovery phase and remained central to the programme through to production delivery. The work covered technical architecture, the development of a working prototype during alpha using ForgeRock Identity Management, and full delivery of the replacement service. The new platform was built on a REST API foundation with a Vue.js front end, deployed to AWS using Terraform and Docker, with Jenkins CI/CD pipelines running across multiple pre-production environments.
Security and data handling
Security requirements were stringent. All inter-service communication ran over TLS. The system held Class V personal data including passport and driving licence numbers, requiring close engagement with data protection and ICO guidance throughout. Two-factor authentication was enforced via OIDC integration with the existing national authentication service. Audit logging ran through AWS CloudWatch and Splunk. The team navigated a multi-cloud environment, with the legacy system on Azure and the new platform on AWS, and managed integration with several upstream identity services and directory systems simultaneously.

1 million+ user accounts managed
450,000 authentication events per day
25,000 new user registrations every month