Why AUSkey is being decommissioned?
AUSkey has not kept pace with changes in technology and does not meet the future needs of most businesses. You can find more detail on the Australian Taxation Office (ATO) website at AUSkey decommissioning.
What is replacing AUSkey?
AUSkey is being replaced by a new whole of government digital identity service – myGovID and Relationship Authorisation Manager (RAM).
Together, these services offer an easy, secure and more flexible authentication and authorisation solution.
- Standard and Admin AUSkeys have been replaced by myGovID and RAM, and
- Device AUSkeys will be replaced by a new Machine-to-Machine (M2M) authentication solution.
USI adoption timeline
myGovID available for iPhone users.
myGovID available for Android users.
myGovID and RAM solution available for RTOs with individual ABN associates to connect to the Organisation Portal.
M2M authentication solution expected to be available.
RAM solution available for RTOs with non-individual ABN associates and Government entities to connect to the Organisation Portal.
End March 2020
You can contact us for more information at IT@usi.gov.au
How will this affect you?
All Registered Training Organisations (RTOs) will be affected.
If you connect to the USI Registry via the Organisation Portal or have a Student Management System (SMS), the current AUSkey will not function after the end of March 2020.
Organisation Portal users
The RAM authentication solution is now available for RTOs with individual Australian Business Number (ABN) associates.
Organisation Portal users will need to acquire their own digital identity.
Principle authorities - Australian Business Register (ABR) listed individual associates, of an RTO’s ABN must also acquire a digital identity and can authorise another person with a digital identity to connect to the USI Registry Organisation Portal (on behalf of the RTO). This is similar to how a Standard/Personal AUSkey is set up however new mechanisms are used and the replacement file is not stored on a computer or USB. A connection can then be made using any device, anywhere, anytime.
See the ATO Video – How to get started with myGovID and RAM for more information.
Please note that RTOs with non-individual associates and Government entities that do not have an individual associate against their ABN, cannot currently connect through RAM. This could include TAFEs, trustee companies, companies that use an ‘alternate director’, public and private schools (including school council/boards) and incorporated and unincorporated associations.
ATO are working on a process and more information will be available soon.
Student Management System (SMS) users
The M2M authentication solution is coming soon.
SMS users will need a new Machine-to-Machine (M2M) credential to replace a Device AUSkey in order to interact with USI Registry.
Components of the M2M solution include:
- A machine credential – equivalent to a Device AUSkey
- Machine Authentication Service – Secure Token (MAS-ST)
Authorised business representatives create and download machine credentials using RAM. Credentials can be installed on a server or stored locally to support locally hosted or desktop software.
A machine credential administrator must be nominated for each credential. That person is responsible for creating, as well as the ongoing management and safeguarding of the machine credential on behalf of the business.
The new credential is compatible with the latest versions of USI and SBR Software Developer Kits. The intent is that you will only need to obtain the new credential and change to use the new MAS-ST endpoint.
What should you do now?
Update and clean-up your information
To prepare for the retirement of AUSkey and the new M2M solution, business associates and AUSkey administrators should do the following:
- Log into the ABR with an AUSkey and update business associate details to make sure they are correct (add associates which do not appear in the ABR and remove those who are no longer associates)
- Log into AUSkey manager with an Admin AUSkey and revoke any AUSkeys which are no longer required
- Log into Access Manager and ensure that the accesses for current AUSkeys are correct
Please refer to the following guides provided by ATO :-
Obtain a digital identity
If you are an authorised individual for your business you can currently obtain a digital identity using the myGovID app. It’s easy, just download and install the app from the Apple App or Google Play store and set up your myGovID.
See How to set up myGovID and RAM to confirm what you need before you download the myGovID app.
- Download the myGovID app
- Prove your identity
- If you are an associate of a business (DSP or RTO), claim your business in RAM
- Begin authorising others in your business who are required to be authorised
Are you currently using a cloud-hosted service?
The Cloud Authentication & Authorisation (CAA) solution will also be transitioned from AUSkey to use myGovID and the new Machine-to-Machine (M2M) credential.
We will continue to support current CAA users and look to transition all cloud hosted services over to myGovID and RAM by March 2020.
An RTO using cloud-hosted services will not have to obtain their own M2M credential. The host service provider will be required to use their M2M credential to authenticate a connection to the USI Registry.
After obtaining a digital identity and claiming their business in RAM, the business associate of an RTO will need to access the ATO Business Authentication Manager (BAM) system and nominate/endorse the host service provider submitting transactions on their behalf.
Further details on this process will be provided directly to in-scope cloud hosting service providers and RTOs.