Why AUSkey is being decommissioned?
AUSkey has not kept pace with changes in technology and does not meet the future needs of most businesses. You can find more detail on the Australian Taxation Office (ATO) website at AUSkey decommissioning.
What is replacing AUSkey?
AUSkey is being replaced by a new whole of government digital identity service – myGovID and Relationship Authorisation Manager (RAM).
Together, these services offer an easy, secure and more flexible authentication and authorisation solution.
- Standard and Admin AUSkeys have been replaced by myGovID and RAM, and
- Device AUSkeys will be replaced by a new Machine-to-Machine (M2M) authentication solution.
You can contact us for more information at IT@usi.gov.au.
USI adoption timeline
myGovID available for iPhone users.
myGovID available for Android users.
myGovID and RAM solution available for RTOs with individual ABN associates to connect to the Organisation Portal.
M2M authentication solution available for RTOs who utilise SMS business software to connect via USI web services (includes desktop and locally hosted software users).
M2M authentication solution expected to be available for RTOs who utilise cloud hosted services to connect via USI web services.
RTOs with non-individual ABN associates and Government entities connecting to the Organisation Portal and USI web services will be contacted by the ATO to assist with linking their business in RAM.
End March 2020
USI web services Version 2 will no longer be supported.
How will this affect you?
All Registered Training Organisations (RTOs) will be affected.
If you connect to the USI Registry via the Organisation Portal or have a Student Management System (SMS), the current AUSkey will not function after the end of March 2020.
Organisation Portal users
The RAM authentication solution is now available for RTOs with individual Australian Business Number (ABN) associates.
Organisation Portal users will need to acquire their own digital identity.
Principle authorities - Australian Business Register (ABR) listed individual associates, of an RTO’s ABN must also acquire a digital identity and can authorise another person with a digital identity to connect to the USI Registry Organisation Portal (on behalf of the RTO). This is similar to how a Standard/Personal AUSkey is set up however new mechanisms are used and the replacement file is not stored on a computer or USB. A connection can then be made using any device, anywhere, anytime.
See the ATO Video – How to get started with myGovID and RAM for more information.
Please note that RTOs with non-individual associates and Government entities that do not have an individual associate against their ABN cannot independently connect through RAM. This could include TAFEs, trustee companies, companies that use an ‘alternate director’, public and private schools (including school council/boards) and incorporated and unincorporated associations.
ATO are working with individual businesses to manually link their authorised contact in RAM and more information will be available soon.
Student Management System (SMS) users
The M2M credential is now available for RTOs with individual Australian Business Number (ABN) associates.
SMS users will need a new Machine-to-Machine (M2M) credential to replace a Device AUSkey in order to interact with USI Registry.
Components of the M2M solution include:
- A machine credential – equivalent to a Device AUSkey
- Machine Authentication Service – Secure Token (MAS-ST)
Authorised business representatives create and download machine credentials using RAM. Credentials can be installed on a server or stored locally to support locally hosted or desktop software.
A machine credential administrator must be nominated for each credential. That person is responsible for creating, as well as the ongoing management and safeguarding of the machine credential on behalf of the business.
The new credential is compatible with the latest versions of USI and SBR Software Developer Kits. The intent is that you will only need to obtain the new credential and change to use the new MAS-ST endpoint.
What should you do now?
Upgrade to web services Version 3
If you have not already done so, RTOs who utilise web services will need to upgrade to Version 3.
Update and clean-up your information
To prepare for the retirement of AUSkey, business associates and AUSkey administrators should do the following:
- Log into the ABR with an AUSkey and update business associate details to make sure they are correct (add associates which do not appear in the ABR and remove those who are no longer associates)
- Log into AUSkey manager with an Admin AUSkey and revoke any AUSkeys which are no longer required
- Log into Access Manager and ensure that the accesses for current AUSkeys are correct
Please refer to the following guides provided by ATO :-
Obtain a digital identity and set up in RAM
If you are an authorised individual for your business you can currently obtain a digital identity using the myGovID app. It’s easy, just download and install the app from the Apple App or Google Play store and set up your myGovID.
- Download the myGovID app
- Prove your identity
- If you are an associate of a business (DSP or RTO), claim your business in RAM
- Begin authorising others in your business
- Acquire your machine credential in RAM
For more help, see ATO videos:
- How to link your business in RAM
- How to create new authorisations using RAM
- How to import AUSkey users in RAM
- How to accept an authorisation in RAM
- How to create new machine credentials in RAM
Are you currently using a cloud-hosted service?
The cloud hosted M2M authentication solution is coming soon.
The Cloud Authentication & Authorisation (CAA) solution will also be transitioned from AUSkey to use myGovID and the new Machine-to-Machine (M2M) credential.
We will continue to support current CAA users and look to transition all cloud hosted services over to myGovID and RAM by March 2020.
An RTO using cloud-hosted services will not have to obtain their own M2M credential. The host service provider will be required to use their M2M credential to authenticate a connection to the USI Registry.
After obtaining a digital identity and claiming their business in RAM, the business associate of an RTO will need to access the ATO Business Authentication Manager (BAM) system and nominate/endorse the host service provider submitting transactions on their behalf.
Further details on this process will be provided directly to in-scope cloud hosting service providers and RTOs.