Machine to Machine authentication solution

After 27 March 2020, AUSkey will be replaced by myGovID and Relationship Authorisation Manager (RAM).

Together with myGovID and RAM, a new Machine to Machine authentication solution (M2M), including machine credentials, will replace the Device AUSkey credential.

Machine credentials allow digital service providers (DSP), businesses and tax professionals to interact with ATO online services through their Standard Business Reporting (SBR) enabled software. DSPs can test the M2M credential in the External vendor testing environment (EVTE) to ensure their software is fully compatible before 27 March 2020.

Until that time, AUSkey and Device AUSkey will continue to be supported while you move to the new services (myGovID, RAM and M2M).

Components of the M2M solution include:

  • A machine credential – equivalent to a Device AUSkey credential
  • A Machine Authentication Service (MAS) – to replace the VANguard Secure Token Service (STS) service
  • RAM – an authorisation solution which allows users to manage who can act on behalf of their business. Access Manager is accessible from RAM.

Creating a machine credential

A principle authority or machine credential administrator (MCA) can create a machine credential on a device to interact directly with ATO online services. Machine credentials replace any AUSkey used in your software.

See Machine credentials on the RAM website for more information

On this page

How the machine credential works

Phased delivery timeframe

Testing the machine credential

DSP requirements to test in EVTE

Digital identity working group

Other resources

Contact us

How the machine credential works

High level design principles have been developed in collaboration with industry through the Digital identity working group to support delivery of the new machine credential. The functional high level design shows how the new M2M solution will work:

The machine credential can be created in RAM by an authorised business representative.

A custodian must be nominated for each credential. They are responsible for appropriate use, management and safeguarding of the machine credential on behalf of the business.

The new machine credential is backwards compatible with the current Software Developer Kit (SDK). The intent is that you will only need to change to a new Secure Token Service (STS) endpoint.

Read more about AUSkey decommissioning.

Phased delivery timeframe

The M2M solution is being delivered in a phased approach. SDK is not a key dependency.

Phase 0 – M2M Test in EVTE

29 April 2019

DSPs can test M2M for SBR2 in the External vendor testing environment (EVTE).

12 September 2019

DSPs can test M2M for SBR1 in EVTE.

Phase 1 – Public beta Q3 2019

16 September 2019

You can authorise users as a machine credential administrator (MCA) in RAM.

November 2019

Machine credential download is available in RAM to allow you to create a machine credential.

November 2019

Machine Authentication Service available for use by DSPs.

  • The M2M solution available in production. M2M will operate in parallel with AUSkey.

AUSkey/Device AUSkey decommission

After 27March 2020

Device AUSkey will no longer work for users. M2M credential is the only credential to support software authentication.

Testing the machine credential

M2M testing in SBR1 and SBR2 EVTE is open to all DSPs and it is important you test to ensure your software is fully compatible.

To begin testing the M2M credential in EVTE, follow the below steps:

  • log in to Online Services for DSPs
  • new users only: Complete the SBR developer registration or new contact registration form
  • navigate to the M2M credential group and submit a ‘register for M2M testing in EVTE’ request
  • specify the environment (SBR1/SBR2) you wish to test
  • you will receive a ‘Welcome pack’ via email with step-by-step details on how to test the new machine credential in EVTE
  • or you can contact DPO@ato.gov.au with the email heading, ‘Register for M2M testing in EVTE’, in your email specify the environment you want to test, e.g. SBR1 or SBR2.

DSP requirements to test in EVTE

To test the M2M credential you need to:

  • be currently consuming ATO services through SBR
  • be SBR registered
  • have an existing Device AUSkey
  • provide a main contact and phone number
  • provide language binding preferences.

The testing process requires you to:

  • test and analyse the performance of the M2M solution (machine credential)
  • compare the new M2M solution with current AUSkey one
  • confirm that the product meets your functional requirements
  • tell us about any issues via the feedback process through Online services for DSPs.

Feedback and support

You have the opportunity to provide feedback on your experience testing through the M2M credential group in Online Services for DSPs or DPO@ato.gov.au. Online support tools are available to you during EVTE testing, these are: 

  • a range of resources are available to support your move to M2M, myGovID and RAM.
  • you can raise an incident or a question for M2M solution in EVTE, ask an M2M question or submit a report a M2M credential incident in Online Services for DSPs
  • internal support models are in place to ensure rapid escalation and resolution of all issues.

Digital identity working group

The M2M solution has been co-designed with industry through the Digital identity working group. If you are interested in finding out more about the working group visit the Digital identity working group.

Other resources

The following resources are available to support you and your users with the move to myGovID, RAM and M2M.

Contact us

For more information or if you have any questions about the M2M solution and EVTE testing, ask an M2M question in Online Services for DSPs or contact DPO@ato.gov.au.