The New Zealand Department of Internal Affairs turned to Microsoft when it needed to overhaul its identity verification service so that both private and public sector agencies could use it, and to make the service secure, flexible and easily scalable. Read the customer story to see how the Microsoft Azure Active Directory B2C (Azure AD B2C) platform was implemented for its built-in security, scalability, and ease of integration with apps and databases.
What is RealMe and why did New Zealand move it to the cloud?
RealMe is New Zealand’s voluntary, opt‑in digital identity service. It lets residents use a single username and password to securely access 163 government services across 56 public agencies, and it’s also used by some private sector organizations. As of the migration, RealMe supported more than 6 million sign-ins and authentications for a population of 4.9 million people.
The Department of Internal Affairs (DIA) originally built RealMe as a bespoke, on‑premises solution using partner products and custom code. Over time, that approach became:
- Complex and hard to adapt to new, more personalized digital services
- Expensive to maintain, with upgrades requiring time‑consuming custom builds
- In need of a major infrastructure refresh to meet modern security requirements, at a cost of millions
At the same time, public cloud technology had matured significantly, offering secure, off‑the‑shelf capabilities at a more attractive price point. DIA wanted an identity verification service that:
1) Could be used by both public and private sector agencies
2) Could scale easily as usage grew
3) Would reduce total cost of ownership while improving security and user experience
These drivers led DIA to move RealMe to Microsoft Azure Active Directory B2C (part of Microsoft Entra), working with implementation partner UNIFY Solutions.
How does the new RealMe architecture balance cloud scalability with data protection?
DIA and UNIFY Solutions designed the new RealMe platform to combine cloud scalability with strong protection for sensitive identity data.
Key architectural decisions:
- Azure AD B2C as the front door: Users now access RealMe through Microsoft Azure Active Directory B2C, which handles sign‑ins, sign‑ups, and password management across all integrated government agency sites.
- On‑premises storage of verified identity data: Sensitive verified identity attributes—such as name, date of birth, gender, and place of birth—remain on‑premises under DIA control. Azure AD B2C manages authentication, but the authoritative identity records stay in DIA’s environment.
- Orchestration engine, not just a directory: The RealMe team uses Azure AD B2C as an orchestration engine to guide the user journey through the customer identity framework, rather than treating it as a simple directory.
Security and monitoring:
- Built‑in security features: Capabilities like smart lockout and self‑service password reset are used out of the box. Smart lockout helps protect accounts from brute‑force attacks, while self‑service password reset reduces manual handling of credentials.
- Cloud‑based monitoring: Integration with Azure Log Analytics and Azure Sentinel enables advanced monitoring and alerting, helping reduce false positives and improving incident visibility.
- Zero Trust direction: DIA is expanding a Zero Trust approach across the RealMe platform, aiming for end‑to‑end security from devices through to data, and is planning for passwordless authentication to simplify and secure the user experience.
New Zealand also made a notable policy decision: based on its risk assessment and positive track record with Microsoft cloud services (including Microsoft 365, Azure, and Dynamics 365), it allowed New Zealanders’ authentication data to reside offshore in the Azure public cloud, while keeping core verified identity data onshore.
What results has New Zealand seen from moving RealMe to Azure AD B2C?
The migration of RealMe to Azure AD B2C has delivered a mix of cost, performance, security, and user experience benefits for the New Zealand Department of Internal Affairs.
Key results and statistics:
- Scale of migration: More than 6 million sign‑in and authentication records were moved to the new platform in a single migration window, covering 163 government services across 56 public agencies.
- Timeline: Despite the disruption of a global pandemic, the UNIFY and DIA teams completed the new cloud‑based RealMe platform in about 18 months, with the final data migration completed in roughly 48 hours. The new system went live in July 2021.
- Verified users: RealMe has verified 905,000 New Zealand residents so far, and that number continues to grow.
Business and operational benefits:
- Lower total cost of ownership (TCO): DIA reports a significant cost reduction compared to the previous on‑premises platform. Using built‑in Azure AD B2C capabilities, such as smart lockout and self‑service password reset, removed the need for custom development and reduced manual support work.
- Faster enhancements: The cloud platform allows DIA to implement new features and improvements more quickly, without the heavy custom builds that were required previously.
- Better user experience: Self‑service password reset and consistent sign‑in flows across agencies have simplified access for residents. RealMe continues to provide a single authenticator for multiple services, with the option for users to maintain one verified identity and additional pseudonymous identities.
- Improved security and trust: Built‑in security features and cloud‑based monitoring have strengthened the security posture. For example, the Ministry of Health uses RealMe as the authentication layer for COVID‑19 related communications, helping ensure that sensitive interactions are protected.
The project has also become a reference point for other jurisdictions. Moving approximately 6 million identities to Azure AD B2C with minimal user impact has positioned RealMe as a practical example of how governments can reimagine digital identity using cloud services, supported by close collaboration between DIA, UNIFY, and Microsoft.