Over the past eight years, Michigan has developed one of the most extensive and widely adopted identity management platforms of any state. But getting people to use MILogin took intensive communication with other agencies, according to Rex Menold, the state’s deputy chief security officer.
“We eventually had to form an executive council just for this, which is not a thing we do for applications at the State of Michigan usually,” Menold said in a recent interview. “Because MILogin has such a wide scope and affects the state in such a huge way, we actually have deputy director levels from across the state on this executive council and they prioritize things.”
Since a test release in 2014 with a single application at the state Department of Health and Human Services, MILogin has steadily grown. Menold said it is now the main log-in tool for 340 applications, and with millions of users, adoption has topped out: “Pretty much everybody in the state has an account that wants to.”
But even with millions of users, understanding how people are using the tool is challenging, he said. Menold’s agency, the Michigan Department of Technology, Management and Budget, conducted a formal usability study last spring to better understand user behavior, Menold said, but before that, it resorted to collecting feedback from help desks and informally chatting with state employees who’d used it.
“For me the biggest challenge was communication and communicating with my agency customers and convincing them we had the right idea,” Menold said. “The trick with that I think was almost over-communicating with them. We had to have a much bigger buy-in from the agencies’ perspective for something this big.”
The executive council allowed agencies a voice in the design process, during which, Menold said, they often disagreed on “literally everything,” from the interface’s appearance to whether or not help-desk phone numbers should be prominently displayed. The project would not have been successful without that agency buy-in, he said.
“If you don’t have that, I don’t know how you can stay successful,” Menold said. “I mean, we had a governor’s mandate, we have a policy, we have standards that all say you have to use MILogin. That doesn’t matter if the agencies don’t buy in.”
The technology department is currently rolling out the platform’s next phase, which includes 27 additional features, like passwordless authentication and the use of data analytics to prevent fraud. Menold said the single sign-on tool has been a boon for security, because updates and patches only need to be performed once. But although MILogin’s main functionality and infrastructure are finally complete, Menold said he doesn’t expect the state to stop updating the tool soon.
“I don’t know when you’re done, because identity is going to change and we’re going to have to change with it, and people are going to think of new things they want us to do and we’re going to have to be flexible with that,” he said. “I think identity is something you’re never really done with.”