Skip to content.
|Networking government in New Zealand.
You are here: Home » Services » Authentication » Government Logon Service (GLS) » How the igovt logon service works

How the igovt logon service works

Most secure online services follow a standard three stage process for identity management:

three stage process for logon

The igovt logon service provides for second stage in this process - the ongoing confirmation of a person’s identity in an online service.

How the igovt logon service works for the people that use your agency's online services:

There are two core processes involved.

  1. The registration process for an online service and associating this with a person’s igovt logon details (such as a username and password). In this process the person obtains a new igovt logon, or they can use one they have already set up.
  2. The ongoing usage of the online service.  The person uses their igovt logon to re-confirm their identity each time they access the online service. This process is detailed below.


how logon works

How the igovt logon service protects privacy

The igovt logon service separates the logon details (the ‘key’) that gives users access to a government agency's online services from any information that the agency might hold about those people.  The igovt logon service does not create any new information flows between government service providers - an individual’s personal information is not shared between igovt and any participating government service provider or between government agencies using the service.

Every logon generates a federated identifier (unique code) when a username and password are correctly entered.  The federated identifier is sent to the government service provider to represent the igovt logon.  The federated identifier for any given logon will be different for each government service provider to which it is sent.  This approach avoids the use of unique identifiers which could be used to facilitate data matching or any exchange of data about a user.

For services that require extra levels of security the igovt logon process will also ask users to enter a code from an igovt token, or in the future, from a text message sent to a cell phone.  The code displayed on the token changes every 60 seconds and is unique.  The code sent to the phone is also unique.  The codes are synchronised with the igovt logon service, and must be entered correctly to logon.  These types of logons are known as two factor authentication.

Find out more

To find out more about how your agency can use the igovt logon service please contact igovt@dia.govt.nz