In a municipal organisation undergoing rapid digitalisation, in a world where more and more services are mobile – how do you navigate choosing an eID for your employees? In a webinar from 2021 Emil Sjöberg, IT Project Manager at SML-IT, told us about their choice of Freja OrganisationID as the employee eID for the participating municipalities. Here is his story.
SML-IT is the shared IT department for Sotenäs, Munkedal, and Lysekil municipalities, and is hosted by Lysekil. Emil tells in the webinar how the need for a new ID solution originally came up:
The SML municiaplities social care administrations switched out Magna Cura for Combine, and with that came the need to use two-factor authentication in computers, 1-1 phones, as well as shared devices, or as they’re sometimes called, pooled devices. When we started the project with Combine our immediate thought was to use employee IDs from SITHs on computers, and we were naturally planning on using Mobile BankID for the mobile devices. However, here we were met with opposition.
The unions were strongly opposed to the use of personal eIDs for work, as they are a personal document and would result in the use of personal identity numbers being used for professional authentication. SML therefore started looking for a new solution – one that would satisfy the requirements of both the IT departments and the unions. The list of specifications for the desired solution was as follows:
- The same authentication method, regardless of device
- Future-proof and user-friendly
- Minimal administration for the municipalities
- Automated lifecycle management
- LoA3
The requirements, combined with a recommendation from Uddevala Municipality, led to them looking closer at Freja OrgID. They contacted Freja for an introductory meeting to hear more about the solution, a meeting that Emil during the webinar described as follows:
For more or less the entire meeting when they [Freja] were describing their solution I sat there thinking – “Ok, this all sounds great, but where’s the downside? It can’t be as good as they’re saying?”. But it turns out, roughly 8 months later now, that it is! It’s an incredibly good solution, and the fact that Freja furthermore was the most affordable solution and met all our requirements didn’t hurt so to speak!”
Once they were happy that Freja seemed to be the solution to the various operational problems they were facing they came to the next question, namely, provisioning of service eIDs to the employees. Here, they turned to the supplier Svensk e-identitet, with whom they had a pre-existing relationship. Svensk e-identitet had a fully functional solution ready that, much like Freja OrgID, required minimal administration, much to the joy of both SML and Emil.
I’d like to say also that Svensk e-identitet really impressed us, not only with the solution they provided, but also their ability to deliver it in the tight time-frame provided.
Thanks to an AD-integration from Svensk e-identitet the whole package with Freja involves almost no administration at all in practice from SML. The employee provisions their OrgID on their own via the internal IT-portal and support regarding employee eIDs and Freja is handled by Svensk e-identitet and Freja respectively. Thanks to the fact that you can get Freja+ on your own in just a few hours and the employee provisions their OrgID themselves, Emil says they can have a fill-in employee ready to go in as little as 4 hours, and faster yet if the person in question already has Freja+ since before. Revocation of employee eIDs is further completely automated:
Perhaps the most important part in all of this is the fully automated life cycle management. Users who are entitled to an OrgID are in a specific catalog in our AD, that Svensk e-identitets integration looks at. When they terminate their employment they are removed from the catalog and the integration subsequently removes the attribute for OrganisationID and this is sent up to Freja who in turn remove the OrgID from the device.
A vital element behind the choice of Freja OrgID for employee eIDs was the ready-to-go solution for shared devices, otherwise called pooled devices or pooled phones – something that is especially important in the Home Care and Social Care services, where the need for employee eIDs also originated. Freja OrgID supports being temporarily transferred to a different device, and when this is done only the OrganisationID is transferred to the new device, not the users personal Freja+.
The OrgID is subsequently on the device for a pre-defined time, in SML:s case 10 hours, before it is automatically removed, but naturally it can be removed prematurely in several ways should the device need to be returned to the pool for whatever reason. Since Freja supports multiple employment eIDs for users, edge-cases such as employees who worked in multiple municipalities were also not an issue, as they could have OrgIDs from the various employers simultaneously.
The biggest benefits for municipalities are that it’s an affordable solution, you don’t need to deal with administration, and you get the automated life cycle management. We’re really happy with the solution.
William Blomquist was, at the time, the customer contact at Svensk e-identitet who helped SML-IT find the solution with Freja OrganisationID, and today he is the Sales Manager for OrganisationID at Freja. If you have any questions or thoughts about how OrganisationID might solve your operational problems, get in touch with William below!