RESULTS
860K
registered users
Project goal
Custom development of a multi-factor, accessible and secure single sign-on platform
Technologies
React | Python | Django Rest Framework | Kubernetes | OpenID | SAML | Meet jitsi | FaceNet
Highlights
Design for security | Implementation of security evaluations | Accessibility standards | QA process
RESULTS
860K
registered users
Project goal
Custom development of a multi-factor, accessible and secure single sign-on platform
Highlights
Design for security | Implementation of security evaluations | Accessibility standards | QA process
Technologies
React | Python | Django Rest Framework | Kubernetes | OpenID | SAML | Meet jitsi | FaceNet
Uruguay is a leading country on electronic governmental initiatives
Uruguay is a leading country on electronic governmental initiatives
It’s a member of Digital Nations, a group of countries with the most advanced digital governments worldwide along with the United Kingdom, South Korea, and others. The National Agency for e-Government and Information Society is responsible for information technology and communications services and managing the country’s digital agenda.
The agency's purpose is to regulate digital procedures and execute projects to improve the quality and access of various services. Over the years, they developed a digital identification ecosystem based on the implementation of an electronic ID card for all 3.5 million Uruguayan citizens.
A single digital point of contact for all governmental departments
A single digital point of contact for all governmental departments
To make citizens’ lives easier with technology, the agency had the ambitious goal of integrating all governmental departments and their services under a unique single sign-on platform. On this platform, users would be able to register with their ID number and execute multiple federal transactions online. For some time, the agency hired a SaaS service to operate a single sign-on product, but they realized it didn’t meet their needs in terms of scalability or incorporation of new functionalities.
As their goal was to provide the most secure, accessible experience, they decided to build a custom platform in which users and organizations could rely on a unique account and strong security guarantees. To build this electronic identification platform, they opened up a national bid that Octobot ultimately won. Our experience delivering agile software projects and our track record of successful products were the differentiators that led the agency to select us as their partner.
A secure platform where citizens easily access online services
A secure platform where citizens easily access online services
The first project had a hard deadline. Over three months, our design and development team worked on a custom authentication broker based on the OpenID protocol, which allows users to have one account and connect with several third-party services without exposing their password. The broker acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.
Thanks to our agile approach and work culture based on open communication and adaptation to change, we concluded the project with success and on time, delivering a robust Python and React platform, designed to scale and support a high level of data and transactions. Since then, we have been collaborating with the agency to iterate the platform and keep making citizens' lives easier.
How it works
Registration
Anyone with a national ID from Uruguay or another South American country, as well as people with a passport from any country, can register on the platform.
Secure sign-in
Users are asked to provide different security details during sign-up such as a username and password and ID information.
Extra security factors
After signing up, users can also increase their security by adding extra factors like hard and soft tokens, cloud digital certificates, or a physical certification by visiting one of the government’s locations.
Access to services
Depending on the security level, the user will be able to access different third party services and perform over 2.300 public and private transactions remotely.
Accessibility
We designed a fully responsive product that works on every device and browser, and fulfills all UX accessibility standards.
Do you want to transform your business and your users’ lives?
Prioritizing security and privacy
We implemented different security evaluations throughout the development process, such as the Elevation of Privilege game, threat modelling, static code evaluation, and other senior practices for preventing and mitigating risks. Ethical hacking and penetration testing were also put in place after the product launch, as well as an audit conducted by a third party company.
The product was deployed on the government’s own infrastructure and since its launch, we have never had downtimes compromising the user experience, even when users' activity has increased significantly. Citizens rely on a unique and secure account to use different services with confidence and, at the same time, the platform assures people’s identity to all integrated services in both public and private spheres.
Most recently we've been working on accessibility improvements. Based on research led by the agency, they've been able to identify usability problems people generally face using the platform, especially in the registration and login pages. Thus, the majority of the improvements were done on these screens. Our design and development teams worked closely together to improve color contrast, sizes, spaces, and other accessibility details.
Another iteration was focused on updating the code environment and repos, in order to fulfill the client's organization standards. With this refresh on the code structure we're now able to use the newest version of the libraries, which makes coding work much more efficient, secure, and agile.
Nowadays, we've been working on a video call functionality. With this new feature, users will be able to increase their registration security level by connecting with the government through Meet jitsi and validating their identity from the comfort of their homes. Before this, users had to visit a government location in person to confirm their identities and increase security. Now, users will be able to connect with official representatives over a video call and their faces will get captured by the platform. Later, using facial recognition technology, the software will check with the national identification database if the person is who they're claiming to be. Right now, this feature is being polished and tested to be launched to the public in the best possible way.
A platform showcased at DjangoCon and the O’Reilly Conference
Python web development showcased at DjangoCon and the O’Reilly Conference
Our main counterpart on the client side was the agency’s Security team, but we also interacted with many governmental departments throughout the project to better comprehend the official systems our platform would integrate with. By fostering a positive relationship with all teams, we obtained valuable feedback that was very positive. As a result we were selected to work on other projects.
Due to this project’s innovative solution and impact, we had the opportunity to share our experience at various international events, including DjangoCon 2019 and the O’Reilly Conference 2020. You can listen to our CTO explaining how we built the platform, our challenges and lessons learned here.
After implementing our solution, the agency registered a 300% growth in registrations on the platform, which today has 860K registered users, representing 24% of the total number of Uruguayan inhabitants. The system receives more than 600K monthly logins and around 20K daily transactions.
See related cases
