Protecting public government transactions as a private organization
Land Services South Australia (SA) was formed in 2017 to support the South Australian government with title registry and land valuation functions. The state wanted a technology, and service-centric, organisation to best help residents navigate the complex processes associated with property transactions, title changes, and valuation. In response, Land Services SA developed a custom-built sales and management solution, the South Australian Integrated Land Information System (SAILIS) that’s used both internally and externally by its customers, enterprise data solutions, consulting services, and more.
The organisation’s solutions guide customers through purchasing a variety of products such as ownership titles, completing lengthy due diligence tasks, and centralising personally identifying information related to their identities and finances. With so much vital data in a single place, the organisation needed an Identity solution that could keep up with evolving security standards without requiring ongoing maintenance. “As the guardians of invaluable personal and government data, we have to make sure our IT systems are well protected and regularly updated,” says Damien McDermott, Enterprise IT Architect with Land Services SA. “But we’re not specialists in that area. We’re experts in Land Information Systems and management, and we look for partners to really harden our security posture.”
With its existing password-based logins, the company was concerned about potential password breaches and data leaks. “There's been a significant rise in business email compromises in our industry,” McDermott shares. “If someone’s username is exposed, a threat actor could request a password change and gain access to their account, so we need to make sure that any abuse of accounts is limited or removed by adding more layers of protection.”
The company started its search for a fit-for-purpose Identity solution that was flexible, wouldn’t disrupt their existing user experience, and would allow the company to implement new layers of security such as Multi-Factor Authentication. Land Services SA already used Okta Workforce Identity internally, but it wanted to evaluate the market before assuming Okta’s customer identity features would meet its needs. “We met with a few Identity and Access Management vendors to be sure, and one of the companies we spoke to directly told us, ‘You’re better off choosing Auth0,’ so making the choice was easy,” McDermott says.
Improving the customer experience without disrupting users
Land Services SA took an incremental approach to its Auth0 migration by providing its existing users with transition instructions including workflow diagrams, guides, and FAQ pages. The organisation also prepared for a high volume of service calls and support desk tickets related to the change, but the increase was so small, they were able to speed up the change. “We took this route because we wanted to support our customers during the migration,” McDermott says. “But we were able to accelerate the process shortly after we started because of the low volume of service required. It was smoother than we could have anticipated.”
This transition also helped Land Services SA ensure all of its users had their own uniquely secured accounts instead of sharing logins. Assigning unique identities to every user, combined with the introduction of Multi-Factor Authentication (MFA) and Passwordless logins, have fundamentally shifted Land Services SA’s security posture. “Nothing is ever 100% secure, but this change has been a huge posture lift,” McDermott says. “Introducing MFA and passwordless biometric login options has significantly reduced the potential for account exploitation.”
Scaling while maintaining government-level security and compliance standards
As a government contractor protecting user data is a non-negotiable standard for Land Services SA. With Auth0, the team has a centralised view of its existing user and a unified source of identity for any accounts interacting with its data.
This improved visibility supports its compliance work as well since it has clear audit records and ensures it can meet contractual compliance obligations, such as Payment Card Industry Data Security Standards (PCI DSS), and maintain certifications such as ISO27001.
A unified customer Identity also gives Land Services SA an opportunity to connect these accounts to other applications and services in a similar ecosystem. “Across our customers who use SAILIS and our commercial products, we are finding additional value in centralising identity management through Auth0,” McDermott says. “If an individual at a customer’s organization leaves, we can remove or disable an account in a single location, and we’ll know that their access has been revoked across all of our applications.”
Unifying Identity for a growing Land Services suite
As Land Services SA continues to grow, it’s connecting more of its services and solutions to accounts secured by Auth0. The organisation also aims to phase out SMS-based MFA with more secure, passwordless solutions over time. “As market and customer sentiments shift, we’re looking forward to moving to a completely passwordless authentication experience,” McDermott says. “And we know that Auth0 will help us do just that for all of our customers.”
About Land Services SA
Land Services SA is the exclusive service provider of transactional land services and property valuation services for the South Australian Government. The organization offers a range of property transaction and valuation services, property information products, custom data sets, and reliable market insights from reliable property experts.
