Modernizing Government Agencies: Why You Need Centralized Access Management
Government institutions generally rely on a mix of applications to serve employees and citizens. An institution responsible for insurance, for example, may have different applications for managing group benefits, submitting claims, and applying for extended coverage.
Often, user access to these applications is managed on a decentralized basis. That means that admins have to set policies and control access individually for every app, and users need different sets of credentials to engage with each digital government service—a frustrating experience for everyone.
By contrast, a centralized approach to access management brings all access points and administrative decisions under one roof. With a centralized system, government IT teams can design and apply access policies consistently across their apps and tools. This allows citizens to sign in to a single portal and access all the services they need as part of one seamless experience (something they’ve come to expect from their interactions with the commercial applications they use every day).
In the third installment of our “Modernizing Government Agencies” series, we’re going to explore why adopting centralized access management is more secure and intuitive for government agencies—and provide some best practices on how to make centralization a success. Let’s get to it.
The case for centralization
In a decentralized access environment, admins are tasked with making time-consuming access decisions—ironically getting in the way of better security. Managing access on an app-by-app basis can lead to human error and opens the door to vulnerabilities. If access and security policies aren’t consistent across applications, for instance, bad actors could gain access to confidential resources, including private citizen information.
By centralizing access management, government agencies boost security and usability in a number of ways:
Sophisticated management
Government IT teams can use one interface to manage all users, apps, groups, devices, APIs, and access policies. And as a result, admins gain a more convenient way to design and implement access policies across apps, create and adapt user permissions, and audit user accounts.
Smarter, faster event response
Not only does centralized access management make it easier to manage policies, but having a view of the agency’s entire slate of apps also helps IT quickly detect and respond to security incidents. Agencies can also use contextual factors like the app being accessed, authentication data, and user behavior patterns to make better-informed security decisions.
Frictionless logins
Centralized access management paves the way for tools like single sign-on, allowing citizens and government users to access all the resources and apps they need with one set of credentials. This improves the overall experience while reducing any security risks from weak or recycled passwords—and reduces the time helpdesk and admin staff spend on troubleshooting.
Best practices for centralized access management
We’ve learned that centralization gives government agencies greater control and visibility over access. Still, they need to optimize their platform in the right way to achieve secure and easy access management.
Here are some best practices to focus on:
- Establish comprehensive access policies based on criteria like user profiles, group memberships, applications, and network connections. This ensures a consistent security framework will apply even as your user-base evolves.
- Set up risk-based authorization to determine who can access particular resources and from where. Admins can establish risk signals for categories like user location, device, transaction, IP address, and plausible travel scenarios to prompt for further verification. This protects government apps and resources from untrustworthy access attempts.
- Use the centralized admin interface to maintain and update policies without relying on additional code from developers.
- Track and adopt the latest open identity standards, such as OpenID Connect and OAuth 2.0 for authentication and authorization, respectively. That way, you’ll use proven mechanisms to provide secure user access.
- Remember to use your APIs and servers to exert granular control over access to application backends, minimizing security risks in your internal processes.
Now that you understand why centralized access management is important and how best to implement it, let’s examine what it looks like in practice.
Centers for Medicare & Medicaid: Centralizing to success
The Centers for Medicare & Medicaid Services (CMS) administer healthcare programs in the United States. In response to an Act of Congress, CMS had the task of building a new online tool for healthcare providers to submit information about their services. The agency would then use this information to issue payment adjustments based on the quality and outcomes of care.
CMS sought to replace three in-house systems—each with its own website and legacy IAM set up—with a Quality Payments Program (QPP). Providers previously had to create and track a different set of account credentials for each system, and CMS was looking to create a single, streamlined user experience. CMS also saw the importance of API support in order to provide doctors with easy access to registries of healthcare information and reports.
Knowing that API support would pose a strong identity challenge, the agency chose Okta to help them navigate it. Having adopted our API Access Management solution, CMS’ developers were freed to focus on creating an inviting user experience, while Okta controlled access to the website and API. Not only that, but help desk admins were able to more easily find user information and troubleshoot issues using Okta’s centralized administrative platform.
With 15% of Medicare claims now submitted via Okta’s API, CMS and Okta’s collaboration has provided millions of healthcare providers with a more rewarding user experience—one that makes it easier to gather information and submit care reports.
By centralizing access management, government institutions like CMS can provide secure and accessible services for citizens. To learn more about what agencies can do to create seamless digital experiences, read our Modern CIAM for Government whitepaper or watch our Modernizing Citizen Experiences webinar.