Steps to integrate GOV.UK Verify into your service

Development

Prerequisites:

Note

You only need to deploy your code to a server at the end of the development phase, when you test your matching service with the SAML compliance tool. You can do all development steps until this point on a development machine.

Step What you need to do

Set up the Matching Service Adapter for the SAML compliance tool.

To do this:

Outcome: you can start building your service.

For more information, see Install and configure the Matching Service Adapter.

Build a local matching service.

To do this:

  1. Define your matching strategy with your service manager.
  2. Use the example JSON matching request and the JSON schema to help build your local matching service.

Outcome: your service can match users’ verified identities to your data sources.

For more information, see Build a matching service.

Build a service that produces and consumes SAML.

To do this:

Outcome: you’re ready to run SAML compliance tests.

For more information, see How SAML works with GOV.UK Verify and the ‘Identity Assurance Hub Service SAML 2.0 Profile’.

Run SAML compliance tests.

To do this:

Outcome: your service and matching service can consume and produce valid SAML.

For more information, see How SAML works with GOV.UK Verify.

Integration

Step What you need to do

Request access to the integration environment.

To do this:

  1. Obtain signed certificates for the integration environment from the IDAP test certificate authority.
  2. Fill in the ‘Request access to an environment’ form.

Outcome: you’re ready to connect the Matching Service Adapter and your service to the integration environment.

For more information, see GOV.UK Verify environments and How a PKI works.

Connect the Matching Service Adapter and your service to the integration environment.

To do this:

Outcome: you’re ready to run end-to-end testing with test users.

For more information, see Install and configure the Matching Service Adapter and GOV.UK Verify environments.

Run end-to-end testing of all your user journeys in the integration environment.

To do this:

Outcome: your service can handle all the possible outcomes of end-to-end user journeys.

For more information, see GOV.UK Verify environments.

Request access to the production environment.

To do this:

  1. Obtain signed certificates for the production environment from the IDAP certificate authority.
  2. Fill in the ‘Request access to an environment’ form.

Outcome: you’re ready to connect the Matching Service Adapter and your service to the production environment.

For more information, see GOV.UK Verify environments and How a PKI works.

Connect the Matching Service Adapter and your service to the production environment.

To do this:

Outcome: your service is ready to go live.

For more information, see Install and configure the Matching Service Adapter and GOV.UK Verify environments.

Maintenance

Step For more information

Rotate your keys.

When the certificates containing your public keys are due to expire, replace your keys and certificates.

Outcome: the encryption and signing certificates for your service and Matching Service Adapter are up to date.

For more information, see How a PKI works.