New Zealand Moves to a Cloud-Based Identity Solution for its 4.9 Million Residents
The New Zealand Department of Internal Affairs improved security, reduced costs and simplified authentication by moving to a Microsoft cloud-based identity solution. Read the customer story to learn how Microsoft Azure Active Directory B2C now seamlessly handles more than 6 million sign-ins and authentications spanning 163 government services and 56 agencies.
What is RealMe and why did New Zealand move it to the cloud?
RealMe is New Zealand’s voluntary, opt‑in digital identity service. It lets residents use a single username and password to access 163 government services across 56 public agencies, and to securely prove their identity online to both public and private sector organizations.
By 2017, the original RealMe platform—built in 2006 using partner products and custom code—had become complex and expensive to maintain. It struggled to adapt to newer, more personalized digital services, and the underlying network infrastructure needed a major upgrade to meet modern security requirements, at a cost of millions.
The Department of Internal Affairs (DIA) wanted to:
- Support both government and private sector use cases.
- Scale easily as demand grew.
- Reduce total cost of ownership (TCO).
- Improve security and monitoring.
Public cloud technology had matured significantly, offering built‑in security, scalability, and analytics at a more attractive price point. DIA partnered with UNIFY Solutions and selected Microsoft Azure Active Directory B2C, part of Microsoft Entra, as the new platform. This move allowed RealMe to keep verified identity data (such as name, date of birth, gender, and place of birth) on‑premises, while using Azure AD B2C as the cloud-based authentication layer for more than 6 million sign-ins and authentications.
How does the new RealMe architecture balance security, privacy, and scalability?
DIA and UNIFY designed the new RealMe architecture around three core requirements:
1. **Simple, privacy-aware access**
RealMe continues to provide a single sign-in for multiple government services, helping users access 163 services across 56 agencies with one username and password. Azure AD B2C acts as the authentication layer, while privacy is supported through consent-based information sharing and the ability to use pseudonyms that are decoupled from a user’s single verified identity record.
2. **Trusted identity with strong protection**
Identity data is treated as a “crown jewel” asset. Verified identity attributes (name, birthday, gender, place of birth) remain on-premises under DIA’s control. Authentication data and sign-in flows are handled in Azure AD B2C, which provides built-in security capabilities such as smart lockout and integration with Azure Sentinel and Log Analytics for monitoring and alerting. This helps reduce false positives and supports a move away from managing security solely with on-premises tools.
3. **Scalable, future-ready model**
The system is designed to link a trusted base identity with additional, consent-based information that can be shared with agencies and organizations as needed. Azure AD B2C’s scalability allows RealMe to support more than 6 million sign-ins and authentications, even though New Zealand’s population is 4.9 million, because users can hold multiple identities or pseudonyms. The architecture is also positioned to support a broader Zero Trust approach and future capabilities like passwordless authentication.
This combination of on-premises verified data and cloud-based authentication gives DIA a way to protect sensitive identity information while taking advantage of cloud scalability and modern security features.
What business outcomes has RealMe achieved by moving to Azure AD B2C?
The migration of RealMe to Azure AD B2C has delivered several measurable and operational benefits for DIA and its stakeholders:
- **Lower total cost of ownership (TCO)**
DIA reports a significant cost drop compared to the previous on-premises platform. By using built-in Azure AD B2C capabilities—such as smart lockout and self-service password reset—the team reduced the need for custom development and manual support (for example, staff previously had to reset passwords manually).
- **Faster enhancements and better user experience**
With the new cloud-based platform, DIA can implement enhancements more quickly while maintaining a consistent user journey across government agency sites. The team deliberately relied on out-of-the-box Azure AD features, only customizing a small set of help desk functions for New Zealand users.
- **Improved security and trust**
Integration with Azure Sentinel and Log Analytics provides better monitoring and alerting, helping DIA manage security more effectively. RealMe is also used as the authentication layer for services like the Ministry of Health’s COVID-19 text message updates, supporting secure communication with frontline workers and residents.
- **Scalable, resilient migration at national scale**
More than 6 million sign-in and authentication records were migrated in a single 48-hour window, with minimal disruption, and the new system went live in July 2021 after an 18‑month project—despite the challenges of a global pandemic. RealMe has already verified 905,000 New Zealand residents, and that number continues to grow.
- **Model for other jurisdictions**
New Zealand is one of the first countries to place citizen authentication data in the Azure public cloud while keeping core identity attributes onshore. Other jurisdictions are now studying the RealMe implementation as a reference for how to reimagine government digital identity using Azure AD B2C.
Looking ahead, DIA plans to deepen its Zero Trust approach across the RealMe platform and move toward passwordless authentication to further simplify and secure the user experience.

published by IT Blackbox