AUSkey Transition Update Tax Profession Digital Implementation Group - - PowerPoint PPT Presentation
AUSkey Transition Update Tax Profession Digital Implementation Group Presented by Claire Miller Digital Business Lead, Digital Communications & Identity Services, ATO 14 November 2019 DIGITAL IDENTITY: TAX PROFESSION DIGITAL
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 1
Tax Profession Digital Implementation Group
Presented by
Claire Miller Digital Business Lead, Digital Communications & Identity Services, ATO
14 November 2019
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 2
AUSKEY TRANSITION UPDATE
AUSkey Transition Status update Machine to Machine Credential Update Transition Ramp-up Status Question and Answers Exceptions Update
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 3
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP
AUSKEY TRANSITION STATUS
Available Now
AUSkey users to the new solution (this will only work for people with a validated IP2 myGovID, allowing to cleanse any inaccurate AUSkey records).
up your AUSkey data (key pre-requisites for AUSkey transitions) are also available.
What’s Coming
to their online services using myGovID and RAM.
4
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP
DIGITAL IDENTITY (AUSKEY DECOMMISSIONING) TIMELINE
July –Oct 2018 Sep 2019 Custom Permissions (RAM)
2018 2019 2020
Private Beta M2M solution March 2020 AUSkey DECOMMISSIONED April 2019 May 2019 MyGov change to two factor authentication June 2019 Oct 2019 Private Beta (Various) Business and Tax Agents Dec 2019 March 2020 Nov 2019 Future Public Beta for Business Portal Private Beta myGovID (Android) Import AUSkey users (RAM) Private Beta Tax Agents (Phase 2) Public Beta for ABR Public Beta myGovID (Android) Change of Name (myGovID) (16 March) Birth Certificate (myGovID) (2 December) Agency Technical onboarding for 28 agencies
COMPLETED IN PROGRESS COMING
LEGEND
Public Beta Online Services for Agents (24 October) Public Beta Machine credential 14 November Private & Public Beta IP3 myGovID Private & Public Beta Online TFN application Manual Creation for RAM Relationships (Mid December) Communication released: IP1, desktop and smartphone (31 October) IP1 option available for agencies (2 December) IP1+
ATO clients (16 March) “Beta Status” transitions to “Live Status” Additional documents e.g. VISA (myGovID) 5
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 6
myGovID AND RAM TAKE-UP: AS AT 13 NOVEMBER 2019
myGovID was released in the Apple App Store on 8 June 2019 and Google Play Store on 4 October 2019 as a public beta. The table below provides an update on the number of myGovID downloads, linking of ABNs and Business Portal logins.
Business Portal & Online Services for Agents
myGovID Total to date: As at 13 November 2019 Total myGovID app downloads 167,357
146,982
20,375 Total myGovID Identities 100,252
23,801
76,451 RAM Total to date ABNs linked 72,428 Individuals linked to ABNs 39,494
32,041
4,286
3,167 Business Portal and Online services for agents Total to date Log-ins with myGovID Over 200,000
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 7
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 8
AUSKEY TRANSITION CLIENT GROUP EXCEPTIONS
Exception Use Case Solution Expected Date
verify their identity to a standard (IP2) identity strength.* Examples:
NAT 1589 to prove identity Individuals will be required to establish a Basic Identity Strength (Additional identification required for ATO access ‘ATO Basic+’) Mid-March 2020
Examples:
Australian Business Register (ABR)
ATO will assist organisations/agencies to link their business in RAM From December 2019
Example:
anglicised name) Individuals will need to contact the issuing authority and have their documents updated N/A
As part of a review of AUSkey transition client groups, some ‘exceptions’ were identified, as listed below: 0 Focus of discussion
* These exceptions don’t apply If your organisation is using SBR enabled software
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 9
USER IDENTITY STRENGTH AND ACCESS
STANDARD (IP2) ATO BASIC+ PROOF OF IDENTITY (IP1 for ATO) IDENTITY STRENGTH EVIDENCE ACCESS
Driver’s Licence and/or Medicare Card
Verified email, plus
current documents for tax purposes, OR
case contact the ATO for assistance)
Portal, Online Services for Agents & ABR
Business Portal and Online Services for Agents
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 10
EXCEPTION USE CASE 1: ATO BASIC+ IDENTITY STRENGTH REQUIREMENTS
The Principal Authority or Authorisation Administrator will need to create an authorisation for an ATO Basic+ myGovID user in RAM.
To access ATO online services, an ATO Basic+ user will need to:
documents must be a primary document.
Primary Documents (To be confirmed) Secondary Documents (To be confirmed)
name it won’t be classified as a second document)
address
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 11
EXCEPTION USE CASE 2: INDIVIDUAL CAN NOT LINK THE BUSINESS IN RAM
an associate listed in the Australian Business Register (ABR) will require assistance from the ATO to link their business or agency in RAM.
December 2019. More information will be available soon.
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 12
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 13
MACHINE CREDENTIAL
businesses and tax professionals to interact with ATO digital services through their software.
credential will replace the Device AUSkey and will be available mid November 2019.
representative to create and manage machine credentials on behalf of the business. A MCA will only be required if the business is using software.
what they need to do to transition.
there will be no impact on you as a user if you are using cloud based business software.
your software has been updated and you will need to get an updated version.
place
machine credential keystore (if required)
Cloud Software Desktop/or Locally Hosted Software
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 14
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 15
The below communication and engagement plan sets out the key activities to support the AUSkey ramp-up strategy.
RAMP UP COMMUNICATION & ENGAGEMENT HIGH LEVEL PLAN
OCT SEP NOV DEC MAR JAN FEB APR MAY
Xmas Break AUSkey Decommissioned
KEY RELEASES TRANSITION PHASES Soft Launch Public Release Super-charge MyGovID & RAM Business-as-usual EXTERNAL ENGAGEMENT COMMUNICATION FRONT-LINE SUPPORT BUSINESS LED ENGAGEMENT
Upskill existing RAM trained staff Upskill open forum support staff Conduct Industry/association briefings Open forum enrolments Pop ups at regional locations linked to open forums Train-the-Administrator Day Android public release Online Services for Agents release ABR on-boarding Import migration tool Machine to Machine (M2M) public beta RAM - Manual creation of relationships Pop ups at regional locations linked to open forums Open forum enrolments Small business Mobile Strike team visit 4
MONTHLY SPOTLIGHT/THEMES Get Ready Campaign: ABR and AUSkey clean-up Set-up and link your business Move your AUSkey data Transition before Xmas Blast off 2020 with a myGovID Time’s running out It’s time You now need myGovID and RAM
Release ‘how-to’ guides for ABR and AUSkey data Webinar: Linking my business in RAM, managing authorisations and import AUSkey data Webinar: Machine to machine credential Release videos: myGovID and linking your business Train-the-Administrator Day (targeted to key groups) Small Business Mobile Strike team visit 3 Small Business Mobile Strike team visit 1 Webinar: IP1 for Agencies myGovID Log-in: myGovID above AUSkey for Online Services for Agents Small business Mobile Strike team visit 5
INTERNAL ENGAGEMENT
Awareness Communications: NFPs, and relevant “Exceptions” – Commence transition in December myGovID & Online Services for Agents: System/Alert notifications on AUSkey transition myGovID Log-in: Reduce AUSkey log-in to a link myGovID Log-in: Remove AUSkey log-in option Tip sheets to staff/team leads Upskill Small Business Mobile Strike teams Agency communication pack released Release updated Vox-Pops on ease of use – Tax Professional, Small Business and Not-for- Profit (NFP) Reinforce use of ‘natural language’ Update Frequently Asked Questions (ATO and Agencies) Confirm agency readiness training requirements DPO: Update support model and external facing support material Support material to Key Agents, Large Service Team, Excise Team Upskill/operationalise interim support model Commence staged site- based training Call-backs for Small Business Continue staged site-based training Continue staged site-based training Social Media: Facebook, Twitter Social Media: Facebook, Twitter Bulk emails &SMS Bulk emails &SMS Train-the-Administrator Day (targeted to NFPs) Field Visits: Indigenous Groups/Key Agents etc. Conduct Industry/ association briefings Conduct briefing with Australian Charities & Not-for Profit Communities (ACNC) Train call centre staff Activities are in conjunction with the AUSkey Replacement Communication Implementation Plan Ramp-up complaints & CISC training and resourcing Account Key Manager talking points Exception communications Business led engagement will leverage existing activities being undertaken Pop ups at regional locations linked to forums Open forum enrolments Field Visits cont’d AUSkey has been decommissioned – you now need myGovID EWM forecasting through to March Update SMART headlines, scripting, emulators & L&D Upskill exiting trained staff Update headlines in SMART Update scripting and emulators Upskill exiting trained staff Updated L&D pack If required: EWM forecasting checkpoint EWM forecasting checkpoint Standardise B1 training to include myGovID and RAM Review L&D and support materials and update as required
AGENCY SUPPORT
Update SMART headlines, scripting, emulators & L&D Establish GovTEAMS Hub Tailor L&D pack, sample call centre scripting, IVR messaging, emulators Agency facilitated training by ATO Agency facilitated training by ATO Agency facilitated training by ATO Update L&D pack, sample call centre scripting, IVR messaging, emulators Update L&D pack, sample call centre scripting, IVR messaging, emulators White label content to Agencies and DSPs Bulk outbound emails Tax Professional livestream
IN SYSTEM NOTIFICATIONS
White label content about managing your trust & protecting your business Livestream for business White label content about getting set up for the new year Bulk outbound emails Livestream for business Commissioner speech at TIA Facebook live info night SharePoint page - program mgs Service Delivery Making connections sessions Key BSL engagement - Supporting clients make the transition/ promote resources myATO news articles (various dates) General staff awareness – AUSkey Replacement/Promote resources Key BSL engagement - Supporting clients make the transition General staff awareness- AUSkey Replacement – promote resources Key BSL engagements – Supporting final clients to transition. Thanks to staff. General Staff awareness - AUSkey Replacement wrap up VANguard log-in notifying clients AUSkey is being decommissioned Release RAM User Guide
Completed Activities
PR CAMPAIGN
Pending Royal Assent for a PR Campaign ‘Beta Status’ transitions to ‘Live Status’ IP1 for agencies Birth certificate (myGovID) Change of Name (myGovID) IP1+ for ATO clients myGovID Log-in: myGovID above AUSkey for Business Portal MAC users for AUSkey decommissioning Exception bulk emails Conduct transition hyper- care sessions Conduct transition train-the- administrator sessions
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 16
TRANSITION ENGAGEMENT & SUPPORT MODELS
Different levels of engagement and support will be provided based on the complexity of clients. Three levels of support will operate in parallel from Oct 2019 to Mar 2020. These will be adjusted based on feedback. Hyper-care
volume of ABN entities or AUSkeys and/or reputational risk associated with transition.
RAM and setting up authorisations including setting up a machine credential, with an optional third session, if required, focussed on Q&As.
step instructional guides, reinforced through communication messaging. Pre-recorded webinar sessions will also be available.
relevant websites.
engagement and communication activities. Small Business
emails through Small Business newsroom, Small Business Superannuation Clearing House (SBSCH) newsletter and general communications.
required support materials. Large – Medium Businesses, Agents & Government Agencies 1 2 3
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 17
The table below provides an overview of the engagement materials that are available/planned to support AUSkey transition.
ENGAGEMENT SUPPORT MATERIALS
Category Engagement Support Materials Status Videos
Available now Available now How-to-guides
Available now Available now Available now 22 November Forums
Complete To be completed Pre-recorded Webinars
22-November for all pre- recorded webinars Frequently- asked Questions
Ongoing
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 18
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 19
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 20
January 2020.
support material to help you. RAM: info.authorisationmanager.gov.au myGovID: www.mygovid.gov.au
NEXT STEPS
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 21
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 22
LINKING YOUR BUSINESS
User: Principal Authority What you’ll need:
Key Note:
Select businesses Select all the businesses you wish to link in RAM and select continue.
1 min
Your details Enter your personal address and select continue.
Business
2 mins
RAM
1 mins
Summary and Declaration Review the summary and select check box to accept declaration, then select submit to finish.
SUBMIT
1 min
Your email Input your email to receive a 6- digit verification
send email. Once you receive the code, enter it and select verify and continue.
2 mins
How to link your business: Estimated Total Time 7 Minutes Login with myGovID Log in to RAM by entering the 4-digit code into your myGovID app. Select ‘Link your Business’.
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 23
CREATING AN AUTHORISATION ADMINISTRATOR
Estimated Total Time 4-9 Minutes
User: Principal authority or an authorisation administrator What you’ll need:
business email, it does not need to be their myGovID email.
How to create a new authorisation: Customise access If you set level of access to ‘custom’, click the ‘ATO Access Manager’ link to choose which services this representative will be able to access. Adding a new user Select your business from the list. Then select ‘add new user’ Authorisation details and Agency access Complete the authorisation details . Select ‘continue’ and select their level
available agencies. Summary Review the summary and select check box to accept declaration, then select submit.
SUBMIT
1 min 1 min 1 min 5 mins
RAM
1 min
Login with myGovID Log in to RAM by entering the 4- digit code into your myGovID app. Select “Manage authorisations”. Representative details Update the full name- this must be their full legal name as per their myGovID and an email.
5 mins
Business
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 24
USERS ACCEPTING AN AUTHORISATION
User: A business representative who has received an authorisation code and a summary of the authorisation request via email. What you’ll need:
Key Note:
Estimated Total Time 10 Minutes How to accepting an authorisation:
RAM
1 mins
Enter the 6-digit authorisation code Enter the 6-digit code from your authorisation request email into the box titled ‘Enter an authorisation code’ then select submit. Summary Review the summary of the authorisation and select check box to accept declaration, then select accept.
ACCEPT
1 min 1 min
NOTE:
the code expires. After seven days, the principal authority or authorisation administrator will have to issue a new authorisation request.
authorisation once. Login with myGovID Log in to RAM entering the 4-digit code into your myGovID app.
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 25
IMPORTING AUSKEYS
User: Principal Authority or Authorisation administrator What you’ll need:
Key Note:
Estimated Total Time 11+ Minutes How to importing AUSkeys
RAM
1 mins
Bring your business into focus Select the business ABN and select ‘Import AUSkey user’. Select AUSkeys Filter and select AUSkeys to import. Update Details Update the full name and email address of the AUSkey holder. This must be their full legal name as per their myGovID . Summary Review the summary and select check box to accept declaration, then select submit.
SUBMIT
1 min 2 mins 5 mins 1 min
Agency Access Select agencies the user can access.
Agency Access
1 min
Login with myGovID Log in to RAM by entering the 4- digit code into your myGovID app.
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 26
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 27
The timeline below highlights the transition timeframe of the client experience groups and government agencies. Some client groups are dependant on delivery of key releases to commence transition. The dependencies are highlighted in green below.
CLIENT EXPERIENCE TRANSITION TIMELINE
OCT ‘19 MAR ‘20 NOV ‘20 DEC ‘19 JAN ‘20 FEB ‘20
Small Businesses: You can transition now if you:
AUSkey DECOMMISSIONED
JUN - SEPT ‘19
Small Businesses: You will need to wait to transition:
2019)
Provider (DSP) to use the machine credential solution (start in
Small Business
Small Businesses with non-individual associates: you will now be able:
[TBC] Small Businesses with desktop/locally hosted software: you will now be able to:
to the Keystore. Note : timing dependent on DSP Small Businesses can now get ready for the machine credential solution:
You can now use birth certificate as a document to establish your myGovID NFP: You can transition now if you:
NFP: You will need to wait to transition:
2019)
Provider (DSP) to use the machine credential solution (start in
Non-for-Profit
NFP with non-individual associates: you will now be able:
[TBC] NFP with desktop/locally hosted software: you will now be able to:
to the Keystore. Note : timing dependent on DSP NFP can now get ready for the machine credential solution:
You can now use birth certificate as a document to establish your myGovID NOW GET READY NOT YET
Public Beta myGovID Android Public Beta Online services for Agents (OSfA) Engagement Ramp-up Commences IP1for agencies option available (2 December) Birth Certificate (myGovID) available (2 December) IP1 for ATO available for ATO clients (16 March) Change of Name (myGovID) (16 March) Public Beta Machine Credential (15 November) ATO assistance to link non- individual associate (Mid December) Reduce AUSkey log-in to a link on all Portals “Beta Status” transitions to “Live Status”
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 28
The timeline below highlights the transition timeframe of the client experience groups and government agencies. Some client groups are dependant on delivery of key releases to commence transition. The dependencies are highlighted in green below.
CLIENT EXPERIENCE TRANSITION TIMELINE
AUSkey DECOMMISSIONED
JUN - SEPT ‘19 Tax Professionals
Tax Professionals: You can transition now if you:
Tax Professionals: You will need to wait to transition:
2019)
credential solution (start in Jan. 2020 TBC) Tax Professionals with non-individual associates: you will now be able:
[TBC] Tax Professionals with desktop/locally hosted software: you will now be able to:
to the Keystore. Note : timing dependent on DSP Tax Professionals can now get ready for the machine credential solution:
You can now use birth certificate as a document to establish your myGovID NOW GET READY NOT YET
Public Beta myGovID Android Public Beta Online services for Agents (OSfA) Engagement Ramp-up Commences IP1for agencies option available (2 December) Birth Certificate (myGovID) available (2 December) IP1 for ATO available for ATO clients (16 March) Change of Name (myGovID) (16 March) Public Beta Machine Credential (15 November) ATO assistance to link non- individual associate (Mid December) Reduce AUSkey log-in to a link on all Portals “Beta Status” transitions to “Live Status”
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 29
The timeline below highlights the transition timeframe of the client experience groups and government agencies. Some client groups are dependant on delivery of key releases to commence transition. The dependencies are highlighted in green below.
CLIENT EXPERIENCE TRANSITION TIMELINE
OCT ‘19 MAR ‘20 NOV ‘20 DEC ‘19 JAN ‘20 FEB ‘20
PMB: You can transition now if you:
AUSkey DECOMMISSIONED
JUN - SEPT ‘19
PMB: You will need to wait to transition:
2019)
credential solution (start in Jan. 2020 TBC)
Public and Multinationals* Private and Wealthy Groups
PMB with non-individual associates: you will now be able:
[TBC] PMB with desktop/locally hosted software: you will now be able to:
to the Keystore. Note : dependent on DSP POWG: You can transition now if you:
POWG: You will need to wait to transition:
2019)
credential solution (start in Jan. 2020 TBC) POWG with non-individual associates: you will need now be able:
[TBC] POWG with desktop/locally hosted software: you will now be able to:
to the Keystore. Note : timing dependent on DSP PMB can now get ready for IP1 authentication:
POWG can now get ready for IP1 authentication:
* Public and Multinationals includes Financial Institutions
POWG can now get ready for the machine credential solution:
PMB can now get ready for the machine credential solution:
You can now use birth certificate as a document to establish your myGovID You can now use birth certificate as a document to establish your myGovID NOW GET READY NOT YET
Public Beta myGovID Android Public Beta Online services for Agents (OSfA) Engagement Ramp-up Commences IP1for agencies option available (2 December) Birth Certificate (myGovID) available (2 December) IP1 for ATO available for ATO clients (16 March) Change of Name (myGovID) (16 March) Public Beta Machine Credential (15 November) ATO assistance to link non- individual associate (Mid December) Reduce AUSkey log-in to a link on all Portals “Beta Status” transitions to “Live Status”
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 30
The timeline below highlights the transition timeframe of the client experience groups and government agencies. Some client groups are dependant on delivery of key releases to commence transition. The dependencies are highlighted in green below.
CLIENT EXPERIENCE TRANSITION TIMELINE
OCT ‘19 MAR ‘20 NOV ‘20 DEC ‘19 JAN ‘20 FEB ‘20
Super : Get ready for transition by setting up your myGovID now:
AUSkey DECOMMISSIONED
JUN - SEPT ‘19
Super : You will need to wait to transition:
2019)
credential solution (start in Jan. 2020 TBC)
Super Government Agencies
Super with non-individual associates: you will need now be able:
[TBC] Super with desktop/locally hosted software you will now be able to:
to the Keystore. Note : timing dependent on DSP Government Agencies : You will need to wait to transition:
2019)
credential solution (start in Jan. 2020 TBC) Government Agencies with non-individual associates: you will need now be able:
[TBC] Government Agencies with desktop/locally hosted software you will now be able to:
to the Keystore. Note : timing dependent on DSP Super can now get ready for IP1 authentication:
Government Agencies can now get ready for IP1 authentication:
Super can now get ready for the machine credential solution:
Government Agencies: You can get ready for transition by setting up your myGovID now: Have a compatible smart device: Apple or Android You have 2 of the following documents:
Government Agencies can now get ready for the machine credential solution:
You can now use birth certificate as a document to establish your myGovID You can now use birth certificate as a document to establish your myGovID NOW GET READY NOT YET
Public Beta myGovID Android Public Beta Online services for Agents (OSfA) Engagement Ramp-up Commences IP1for agencies option available (2 December) Birth Certificate (myGovID) available (2 December) IP1 for ATO available for ATO clients (16 March) Change of Name (myGovID) (16 March) Public Beta Machine Credential (15 November) ATO assistance to link non- individual associate (Mid December) Reduce AUSkey log-in to a link on all Portals “Beta Status” transitions to “Live Status”
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 31
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 32
Digital Identity – M2M Solution (Tax Practitioner Use Cases)
Authorising a Machine Credential Administrator (MCA) and accepting request
Selects ‘Manage Authorisations’ and the business they want authorise a MCA for
Tax Agent using desktop software
Principal Authority or Authorisation Administrator logs into RAM with their myGovID (IP2)
Update
Await update from the DSP to consume machine credentials. Note: This is dependent on DSP updating their software
Update
USE CASE: I am a Tax Practitioner using desktop software
Administrator (MCA) to create the machine credential.
consume the new M2M solution.
Creating a machine credential in RAM Using desktop software
Selects ‘Add new user’ and appoints an MCA. Authorisation request is sent to the employee to accept
1
Employee logs into RAM with their myGovID (IP2) Employee enters authorisation code received in the email and accepts authorisation Principal Authority or MCA logs into RAM with their myGovID (IP2) Selects the business and ‘Manage Credentials’ Creates the machine credential/s and download to their server DSP consumes the new M2M solution and advises client that update is available. Client updates their software. Note: If the client hasn’t created their machine credential, the software won’t work. Tax practitioner can continue to use their software to interact with the ATO.
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 33
Digital Identity – Tax Agent/business using cloud software
Use updated cloud software
Where a Tax Agent or business is using cloud software (i.e. they have a cloud relationship in Access Manager with their DSP), they can continue using the product without disruption. This is because they use the software without their
be on the DSP to make all the updates. Tax Agent shouldn’t notice any change as all the changes will be behind the scenes.
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 34
Digital Identity – Tax Agent/business using desktop software
Appoint machine credential administrator/s
A machine credential administrator (MCA) will create, install and manage machine credentials. The MCA/s will create machine credentials according to their business requirements. This will vary from Tax Agent Practice to Tax Agent Practice. If business want individual users to have their own machine credentials, we recommend to get the MCA to create a machine credential on the machine/s which require the machine credential.
Create machine credential
Standard and administrator AUSkeys will no longer be able used to authenticate a software transaction. We advise to set up machine credentials prior to receiving the software product update. Failure to do so will mean that the software will not work as it cannot use an AUSkey (unless it is a device AUSkey) to authenticate a software transaction. The MCA can create the desired number of machine credentials on their own machine, and then securely move the keystore files to the desired machines . This will remove the need to install browser extensions on each machine. Up until mid-March 2020, initial use of the machine credential will fail. This will ‘prime’ the credential and it will be written to Access Manager with full permissions by default. Once the machine credential is used again it will successfully authenticate.
Permissions
Machine credentials permissions can be customised in Access Manager. Permissions from one credential (AUSkey for example) can be copied to another (Machine credential).
If the Tax Agent practice wants to have all staff utilise one or more machine credentials stored on a local server, they can use two methods: 1. Ensure the keystore path is on the server
user who needs to use the desktop software. 2. Get the MCA to either configure the updated software product to point to the new machine credential and provide the keystore password to the user; or give the user the keystore password.
If all staff want to utilise one
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 35
Digital Identity – DSP providing cloud software
Update software
Create machine credential
Create and install a machine credential via RAM. Store the machine credential in the same place as the device AUSkey is currently stored.
Apply cloud software role to machine credential
Log into Access Manager and select the Cloud Software role. Apply the Machine credential to their Cloud Software role. Configure cloud software product to consume the new machine credential.
Package and deploy update
Deploy subsequent update to the cloud for end users.
In order to configure their cloud software products to consume the new M2M solution, DSPs will be required to make a change to their software. They will need to update their end point from the VANguard STS service to the new MAS ST service. The end points are available in the following document: https://www.sbr.gov.au/sites/default/files/ato_sbr_ physical_end_points.docx
DIGITAL IDENTITY: TAX PROFESSION DIGITAL IMPLEMENTATION GROUP 36
Digital Identity – DSP providing desktop software
Update desktop software
In order to configure their desktop software products to consume the new M2M solution, DSPs will be required to make a change to their software. They will need to update their end point from the VANguard STS service to the new MAS ST service. The end points are available in the following document: https://www.sbr.gov.au/sites/default/files/ato_sbr_p hysical_end_points.docx
Package and deploy update
Once DSPs have updated their desktop software product/s they will need to package and deploy the updated product and provide the update to their users.
Possible channels of communication
Send an email to subscribed software users, advising that an update is available and providing installation instructions. Push a software update to users. In this event, the user has no choice and if they do not have a machine credential, the update will cause the software to cease working. Direct users to a website to get the software update.
ATO messaging
What is not accounted for here is where the user doesn’t have an active subscription with the DSP. In this situation, the ATO will ensure the messaging is received and that the user understands what they need to do. In any event, it is expected that many such Desktop software users will contact the DSP
software will no longer allow SBR transaction.