Why AUSkey is being decommissioned?
AUSkey has not kept pace with changes in technology and does not meet the future needs of most businesses. You can find more detail on the ATO website at AUSkey decommissioning.
What is replacing AUSkey?
AUSkey will be replaced by a new whole of government digital identity service – myGovID and Relationship Authorisation Manager (RAM).
Together, these services will offer an easy, secure and more flexible authentication and authorisation solution.
- Standard and Admin AUSkeys will be replaced by myGovID and RAM, and
- Device AUSkeys will be replaced by a new Machine-to-Machine (M2M) authentication solution.
The replacement authentication mechanism requires an individual (authorised for the particular entities ABN) to first acquire a Digital Identity before they can obtain a machine credential.
See AUSkey is Changing factsheet.
You can contact us for more information at IT@usi.gov.au
How this will affect you
If you connect to the USI Registry via the Organisation Portal or have a Student Management System (SMS) the current AUSkey will not function after the end of March 2020.
Organisation Portal users will need to acquire their own Digital Identity.
Business associates of an RTO’s ABN must also acquire a Digital Identity and can authorise another person with a digital identity to connect to the USI Registry Organisation Portal (on behalf of the RTO). This is similar to how a Standard/Personal AUSkey is set up however new mechanisms are used and the replacement file is not stored on a computer or USB. A connection can then be made using any device, anywhere, anytime.
Student Management Systems will need a new Machine-to-Machine (M2M) credential to replace a Device AUSkey in order to interact with USI Registry via a SMS.
Components of the M2M solution include:
- A machine credential – equivalent to a Device AUSkey
- Machine Authentication Service – Secure Token (MAS-ST)
Machine credentials are created by an RTO’s Business associate and downloaded using Relationship Authorisation Manager (RAM).
General principles of the new M2M solution
Authorised business representatives create and download machine credentials using RAM. Credentials can be installed on a server or stored locally to support locally hosted or desktop software.
A Custodian must be nominated for each credential. That person is responsible for creating, as well as the ongoing management and safeguarding of the machine credential on behalf of the business.
The new credential is compatible with the latest versions of USI and SBR Software Developer Kits. The intent is that you will only need to obtain the new credential and change to use the new MAS-ST endpoint.
USI adoption timeline
The indicative timeline (subject to change) for obtaining a Digital identity and integration/testing of the new M2M authentication solution:
myGovID available for iPhone users - who can obtain a myGovID and be able to access RAM to establish and create business authorisations.
myGovID available for Android users - who can obtain a myGovID will be able to access RAM to establish and create business authorisations.
End March 2020
Update and clean-up your information
To prepare for the retirement of AUSkey and the new M2M solution, Business associates and AUSkey Administrators should do the following:
- Log into ABR with an AUSkey and update business associate details to make sure they are correct (add associates which do not appear in the ABR and remove those who are no longer associates)
- Log into AUSkey manager with an Admin AUSkey and revoke any AUSkeys which are no longer required
- Log into Access Manager and ensure that the Accesses for current AUSkeys are correct
Please refer to the following guides provided by ATO :-
Obtain a Digital Identity
If you are an authorised individual for your business then you can currently obtain a Digital Identity using the myGovID app. It’s easy, just download and install the app from the Apple App or Google Play store and set up your myGovID.
See How to set up myGovID and RAM to confirm what you need before you download the myGovID app.
- Download the myGovID app
- Prove your identity
- If you are an associate of a business (DSP or RTO), claim your business in RAM
- Begin authorising others in your business who are required to be authorised
Download the myGovID app (includes in-built app tutorial)
Ensure you have updated to Web Service Version 3.0
All organisations utilising Web Services need to update to USI Web Service Version 3.0 as soon as possible.
Please note: USI Web Services Version 2.0 will not be supported after the new authentication mechanism is available.
The latest Web Services Version 3 Developer Kit can be obtained by emailing a request to: IT@usi.gov.au
If you currently use a cloud-hosted service
The Cloud Authentication & Authorisation (CAA) solution will also be transitioned from AUSkey to use myGovID and the new Machine-to-Machine (M2M) credential.
We will continue to support current CAA users and look to transition all cloud hosted services over to myGovID and RAM by March 2020.
An RTO using cloud-hosted services will not have to obtain their own M2M credential. The host service provider will be required to use their M2M credential to authenticate a connection to the USI Registry.
After obtaining a Digital Identity and claiming their business in RAM, the business associate of an RTO will need to access the ATO Business Authentication Manager (BAM) system and nominate/endorse the host service provider submitting transactions on their behalf.
Further details on this process will be provided directly to in-scope cloud hosting service providers and RTOs.