Machine to Machine authentication solution

From March 2020, AUSkey will be replaced by myGovID and Relationship Authorisation Manager (RAM).

Together with myGovID and RAM, a new Machine to Machine authentication solution (M2M) is also being delivered and will replace the Device AUSkey credential use in software.

The M2M solution will enable businesses and tax professionals to interact with ATO digital services through their software. The solution will support both cloud and locally hosted software.

Digital service providers (DSPs) can continue to test the M2M credential in the External vendor testing environment (EVTE) now to ensure their software is fully compatible by March 2020.

Until that time, AUSkey and Device AUSkey will continue to be supported while you move to the new authentication solutions (myGovID, RAM and M2M).

Components of the M2M solution include:

  • A machine credential – equivalent to a Device AUSkey credential
  • A Machine Authentication Service (MAS) – to replace the VANguard Secure Token Service (STS)
  • RAM – an authorisation solution which allows users to manage who can act on behalf of their business. Access Manager is accessible from RAM.

Creating a machine credential

Soon you will be able to create a machine credential in RAM. From November 2019, you can start to use your machine credential.

In the meantime, if you’re a principal authority or authorisation administrator you can authorise a user as a machine credential administrator (MCA), allowing them to create a machine credential once available.

See also:

Machine credentials in RAM

Latest news

4 September 2019 – DSPs are encouraged to test the M2M solution for SBR2 now. The solution will be available in production by the end of October 2019. A limited number of DSPs are testing a trial release of the new M2M solution for SBR1.

8 July 2019 – Participating DSPs successfully completed a trial release of the new M2M solution for SBR2. The new machine credential remains available in EVTE for DSPs to continue testing.

23 April 2019 – The new M2M authentication solution has full backwards compatibility with your existing SDK and Device AUSkey in EVTE.

How the machine credential works

High level design principles have been developed in collaboration with industry through the Digital identity working group to support delivery of the new machine credential. The functional high level design shows how the new M2M solution will work:

The machine credential can be created in RAM by an authorised business representative and is usually installed on a server.

A custodian must be nominated for each credential. They are responsible for appropriate use, management and safeguarding of the machine credential on behalf of the business.

The new machine credential is backwards compatible with the current Software Developer Kit (SDK). The intent is that you will only need to change to a new Secure Token Service (STS) endpoint.

Read more about AUSkey decommissioning.

Phased delivery timeframe

The M2M solution will be delivered in a phased approach. SDK is not a key dependency.

Phase 0 – M2M Test in EVTE

29 April 2019

DSPs can test M2M for SBR2 in the External vendor testing environment (EVTE).

12 September 2019

DSPs can test M2M for SBR1 in EVTE.

Phase 1 – Public beta Q3 2019 (without end-to-end encryption)

16 September 2019

You can authorise users as a machine credential administrator (MCA) in RAM.

October (TBC)

Machine credential download available in RAM to allow you to create a machine credential.

November 2019

Machine Authentication Service available for use by DSPs.

  • The M2M solution available in production. M2M will operate in parallel with AUSkey.

AUSkey/Device AUSkey decommission

March 2020

Device AUSkey will no longer work for users. M2M credential is the only credential to support software authentication.

Phase 2 – Public beta end-to-end encryption & supply chain visibility

April 2020 (TBC)

End-to-end encryption & supply chain visibility available.

Testing the machine credential

M2M testing in SBR2 EVTE is open to all DSPs and it is important you test early to ensure your software is fully compatible.

A limited M2M trial for SBR1 in EVTE is currently underway. Once finalised, all DSPs providing SBR1 services are encouraged to test their software products to check compatibility.

To begin testing the M2M credential in EVTE, follow the steps below:

  • log in to Online Services for DSPs using your Device AUSkey
  • new users only: Complete the SBR developer registration or new contact registration form
  • navigate to the M2M credential group and submit a ‘register for M2M testing in EVTE’ request
  • specify the environment (SBR1/SBR2) you wish to test in
  • you will receive a ‘Welcome pack’ via email with step-by-step details on how to test the new machine credential in EVTE.

DSP requirements to test in EVTE

To test the M2M credential you need to:

  • be currently consuming ATO services through SBR
  • be SBR registered
  • have an existing Device AUSkey
  • provide a main contact and phone number
  • provide language binding preferences.

The testing process requires you to:

  • test and analyse the performance of the M2M solution (machine credential)
  • compare the new M2M solution with the current AUSkey one
  • confirm that the product meets your functional requirements
  • tell us about any issues via the feedback process through Online Services for DSPs.

Feedback and support

You have the opportunity to provide feedback on your testing experience through the M2M credential group in Online Services for DSPs. Online support tools are available to you during EVTE testing. These are:

  • a range of M2M online support materials
  • the ability to raise an incident or a question about the M2M solution in EVTE: ask an M2M question or report an M2M credential incident in Online Services for DSPs
  • internal support models are in place to ensure rapid escalation and resolution of all issues.

Digital identity working group

The M2M solution has been co-designed with industry through the Digital identity working group. If you are interested in finding out more about the working group, visit the Digital identity working group.

Contact us

For more information or if you have any questions about the M2M solution and EVTE testing, ask an M2M question in Online Services for DSPs.