Contributing to a country’s digital transformation

RESULT

860K

registered users
Highlights
Design for security | Implementation of security evaluations | Accessibility standards
Project goal
Custom development of a multi-factor, accessible and secure single sign-on platform
Technologies
OpenID | Kubernetes | SAML | Python | Django Rest Framework

RESULTS

860K

registered users

Project goal

Custom development of a multi-factor, accessible and secure single sign-on platform

Technologies

OpenID | Kubernetes | SAML | Python | Django Rest Framework

Highlights

Design for security | Implementation of security evaluations | Accessibility standards

RESULTS

860K

registered users
Project goal

Custom development of a multi-factor, accessible and secure single sign-on platform

Highlights

Design for security | Implementation of security evaluations | Accessibility standards

Technologies

OpenID | Kubernetes | SAML | Python | Django Rest Framework

Uruguay is a leading country on electronic governmental initiatives

Python web development

Uruguay is a leading country on electronic governmental initiatives

It’s a member of Digital Nations, a group of countries with the most advanced digital governments worldwide along with the United Kingdom, South Korea, and others. The National Agency for e-Government and Information Society is responsible for information technology and communications services and managing the country’s digital agenda.

The agency's purpose is to regulate digital procedures and execute projects to improve the quality and access of various services. Over the years, they developed a digital identification ecosystem based on the implementation of an electronic ID card for all 3.5 million Uruguayan citizens.

A single digital point of contact for all governmental departments

Python web development

A single digital point of contact for all governmental departments

To make citizens’ lives easier with technology, the agency had the ambitious goal of integrating all governmental departments and their services under a unique single sign-on platform. On this platform, users would be able to register with their ID number and execute multiple federal transactions online. For some time, the agency hired a SaaS service to operate a single sign-on product, but they realized it didn’t meet their needs in terms of scalability or incorporation of new functionalities.

As their goal was to provide the most secure, accessible experience, they decided to build a custom platform in which users and organizations could rely on a unique account and strong security guarantees. To build this electronic identification platform, they opened up a national bid that Octobot ultimately won. Our experience delivering agile software projects and our track record of successful products were the differentiators that led the agency to select us as their partner.

Python web development
Python web development

A secure platform where citizens easily access online services

Python web development

A secure platform where citizens easily access online services

The project had a hard deadline. We started in September and by the end of the year the previous platform was slated to shut down. Over three intense months, our design and development team worked hard to deliver on the client and the nation’s high expectations. As of today, we continue to work together in further iterations.

We built a custom authentication broker based on the OpenID and SAML protocol, which allows users to have one account and connect with several third-party services without exposing their password. The broker acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.

Do you want to transform your business and your users’ lives?

Prioritizing security and privacy

We implemented different security evaluations throughout the development process, such as the Elevation of Privilege game, threat modelling, static code evaluation, and other senior practices for preventing and mitigating risks. Ethical hacking and penetration testing were also put in place after the product launch, as well as an audit conducted by a third party company.

Thanks to our agile approach and work culture based on open communication and adaptation to change, we concluded the project with success and on time, delivering a robust Python platform, designed to scale and support a high level of data and transactions.

The product was deployed on the government’s own infrastructure and since its launch, we have never had downtimes compromising the user experience, even when users' activity has increased significantly. Citizens rely on a unique and secure account to use different services with confidence and, at the same time, the platform assures people’s identity to all integrated services in both public and private spheres.

1 K
registered users
0 K
monthly logins
0
months to launch
1 K
registered users
0 K
monthly logins
0
month project

A platform showcased at DjangoCon and the O’Reilly Conference

A platform showcased at DjangoCon and the O’Reilly Conference

Our main counterpart on the client side was the agency’s Security team, but we also interacted with many governmental departments throughout the project to better comprehend the official systems our platform would integrate with. By fostering a positive relationship with all teams, we obtained valuable feedback that was very positive. As a result we were selected to work on other projects.

Due to this project’s innovative solution and impact, we had the opportunity to share our experience at various international events, including DjangoCon 2019 and the O’Reilly Conference 2020. You can listen to our CTO explaining how we built the platform, our challenges and lessons learned here.

After implementing our solution, the agency registered a 300% growth in registrations on the platform, which today has 860K registered users, representing 24% of the total number of Uruguayan inhabitants. The system receives more than 600K monthly logins and around 10K daily transactions.

See related cases