In this blog, we’ll walk through a recent implementation we delivered for one of our prestigious clients, an integration of their student-focused SaaS platform with RealMe, the official digital identity service from the New Zealand government.
We’ll explore why this integration is not only critical for the education sector but also essential for any organization handling user identification and verification within New Zealand. RealMe-based SSO brings government-grade trust and security to digital services, and we’ll highlight the value it brings in real-world use cases.
What Prompted the Integration?
Our client, a SaaS provider in the education sector, needed a secure and seamless authentication solution that could integrate directly with the New Zealand government’s identity verification systems.
Their platform required students to register and access services securely, ensuring that every registered user was indeed who they claimed to be. To meet this need for verified digital identity, we turned to RealMe.
It offered exactly what was required: a government-backed system that could validate user information with a high degree of trust and integrity.
Overview of RealMe and the Scope of the Implementation
RealMe is an identity verification and single sign-on (SSO) service maintained by the New Zealand government. It allows citizens and residents to securely access a wide range of online services across both the public and private sectors. For our use case, we implemented RealMe SSO within a Spring Boot Java application using Spring Security and SAML.
This allowed students to log in through the official RealMe identity provider, creating a secure bridge between the SaaS platform and the government’s trusted identity system. We’ll dive deeper into RealMe’s capabilities and wider impact in the sections ahead.
What is RealMe?
RealMe is a secure, government-backed digital identity and single sign-on (SSO) service developed and maintained by the New Zealand government. It enables individuals to safely access a wide variety of online services—from tax returns to visa applications—using just one login.
RealMe provides a streamlined and secure method for accessing both public and private sector services, granting users real access, real fast.
Creating a RealMe login is as effortless as providing an email address, selecting a username, creating a strong password, and answering security questions. After going through this step, they are good to move. On the platform, an account is created automatically, which is then accessible across multiple domains.
The system is essential in verifying identities. With a user’s RealMe account linked to their verified identity, the system ensures that sensitive actions, like applying for a student loan, managing tax records, or accessing sensitive health information, are done only by the rightful users.
With such capabilities, RealMe becomes not just a convenience but also a significant cornerstone of trust in the digital infrastructure in New Zealand.
RealMe is already integrated across a wide range of sectors, including:
- Education: Student enrolments, loans, scholarships
- Health: Accessing ACC claims and My Health accounts
- Government Services: Voting, tax filing, police vetting
- Banking & Finance: Identity checks for financial services
- Employment, Immigration, Housing, Transport, and more
Its continued adoption across both government and business underscores its growing importance in providing a reliable, secure digital identity infrastructure.
Why RealMe Matters in the Education Sector
Within the education sector, RealMe is crucial for simplifying access to services while protecting sensitive student information. As institutions of learning and SaaS environments continue to go online, there’s a growing need for secure, government-endorsed authentication systems. RealMe responds to that need with confidence.
RealMe allows students to safely log in to different government education services under one identity. It not only makes the user experience easier but also guarantees that the person logging in to the system is authenticated and reliable. It is beneficial for organizations by avoiding the complexity of having internal identity authentication systems and lessening the risk of identity fraud.
Key Use Cases in Education:
- Student Enrollment & Verification: Ensure students are who they say they are at the time of registration.
- Availability of Financial Aid: Safeguarded applications for student loans or allowances.
- Collaboration with Educational Institutions: Higher educational and vocational training institutions can integrate RealMe for compliance with the national identity verification framework.
Through RealMe integration, education service providers can achieve lower onboarding friction, better compliance with privacy regulations, and an overall improvement in the user journey. This is critical when working with sensitive information such as students’ academic records, payments, and grants subsidized by the government.
RealMe SSO with Java SpringBoot – The Technical Flow
For the integration of RealMe, we leaned on a modern Java-based tech stack that includes Spring Boot, Spring Security, and SAML 2.0. This tech stack enabled us to create a secure, extensible single sign-on (SSO) solution that fully complies with RealMe requirements.
At a high level, the RealMe SSO flow works like this:
- The user tries to access the protected resource.
- They are redirected to the RealMe Identity Provider (IdP) for authentication.
- Upon successful login, RealMe returns a signed SAML assertion.
- The application validates the assertion and logs the user in.
Our Java development team specializes in building secure, RealMe-compliant authentication solutions
Key Technical Components:
- SAML Metadata Setup: We configured RealMe’s IdP metadata in our application and exposed our own service provider (SP) metadata as required.
- Authentication Entry Points: Defined in Spring Security to redirect unauthenticated users to the RealMe login portal.
- Security Filters: Spring Security SAML filters handle incoming assertions and manage the authentication lifecycle.
- Assertion Validation: RealMe responses are validated using the appropriate X.509 certificates, including signature checks and attribute mappings.
This setup ensures end-to-end encryption and verification of identity throughout the authentication flow.
Implementation Challenges & Learnings
Integrating with RealMe was rewarding, but that came with its own fair share of challenges:
- Handling the SAML Response: RealMe was very strict in following SAML 2.0 standards, and the response attribute naming and structure required custom parsing and reassigning.
- Security & Certificate Management: Maintaining both client and RealMe certificates with a custom implementation proved challenging. The existing architecture also struggled to adapt to future certificate changes.
These learnings are crucial for any team planning a RealMe integration, especially in sensitive domains like education or finance.
These insights are essential for any team considering a RealMe integration, particularly within sensitive sectors such as education or finance.
Benefits of RealMe Integration
This integration delivered a range of tangible benefits for our client and their users:
- Seamless and Secure User Experience: Students now authenticate through RealMe without needing additional accounts or manual verification.
- Reduced Authentication Complexity: No need to build and maintain a custom identity verification system.
- Compliance with NZ Government Standards: Ensures alignment with RealMe’s secure identity practices.
- Scalable for Other Government Integrations: The same setup can be extended to integrate with other NZ government services using RealMe.
It’s a future-proof solution that simplifies both user access and backend authentication workflows.
Broader Applications of RealMe Across Sectors
While our use case focused on education, RealMe is widely adopted across a variety of sectors in New Zealand:
- Health: Secure access to ACC claims, medical records, and My Health accounts.
- Government Services: Filing taxes, applying for benefits, voting, and police vetting.
- Banking & Finance: Used for secure KYC processes and account access.
- Utilities & Private Sector: Power companies, telecoms, and other service providers support RealMe login for secure, unified access.
As the list of integrated organizations grows, RealMe continues to strengthen digital trust across the country.
Future Enhancements & Opportunities
Looking ahead, several exciting opportunities exist to build on this foundation:
- Federated SSO Across Educational Institutions: A shared authentication framework for all tertiary providers using RealMe.
- Mobile-first & MFA Integration: Enhancing login security and user convenience with mobile apps and multi-factor authentication.
- Serving Alumni and Lifelong Learners: RealMe-based access for users beyond their formal education years, enabling secure access to records and services long-term.
These enhancements could drive even greater adoption and efficiency across sectors.
Conclusion
RealMe brings powerful, government-backed identity verification into the digital age. Our integration using Spring Boot, Spring Security, and SAML allowed our client to offer a seamless, secure experience to their student users, aligning with New Zealand’s gold standard in digital identity.
For organizations in education, finance, health, or government, RealMe offers a trusted pathway to simplify authentication while ensuring maximum security and compliance.
If you’re considering a similar integration or exploring how RealMe can work for your platform, we’d love to connect and share insights from our experience.
Ready to implement RealMe SSO for your NZ platform?
