Digital identity for online learning (DI4OL)

DI4OL gives people safe and secure access to online education-related services.

Level of compliance Main audience Other


  • Principals and tumuaki
  • Teachers and kaiako
  • Learners and whānau
  • School ICT specialists
  • Boards
  • Administrators
  • External ICT providers

Purpose of DI4OL

Digital applications need to confirm that a person is who they say they are. 

We want to make sure everyone’s:

  • personal information is kept private
  • digital information is safe.

DI4OL gives people safe and secure access to online education-related services. It makes it easier for you to log in to applications and helps the application know you are supposed to have access.

Definition of technical terms

Here are some of the terms used on this page.

  • Personal information: any information about a person that allows someone to identify them. Personal information doesn’t have to include their name. It could be something like their phone number, home address, or gamertags.
  • Identity provider: a service that confirms you are who you say you are online, such as Google, Microsoft, Apple and RealMe.
  • Application: often called an 'app'.
  • Login details: often called login credentials, this means your username and the information you enter to authenticate yourself, such as your password, passphrase, or authentication app.

What DI4OL does

DI4OL acts as a go-between. When you log in to an application, it redirects your login request to an identity provider. This means you can use your login details for your school or personal account to access the application.

Applications need to be set up to use DI4OL. DI4OL only collects the minimum required personal information so DI4OL can work.

DI4OL provides additional security features which make it easier and more secure for schools to exchange information with applications and limits the information applications can request from schools.

How DI4OL helps students and other users

DI4OL helps students and other users by:

  • allowing you to use your usual school login details when you log in to an application that uses DI4OL, rather than having to set up new ones
  • reducing the risk of privacy and security breaches
  • giving applications more confidence that you are who you say you are.

Information is shared with DI4OL

The information that is shared with DI4OL depends on what user verification is needed by the application that is using DI4OL. The Ministry will make sure that shared information is always limited to the information necessary for the DI4OL service to work.

Access for schools or specific users

Some applications that use DI4OL will give you access if your school has subscribed to the application. Depending on the application, they may need to know your name, or email address. No other information is shared though DI4OL for these applications. 


DI4OL has been designed to protect personal information, including minimising the information that is shared for DI4OL to work. We have completed a privacy impact assessment in consultation with the Office of the Privacy Commissioner.

There are 2 versions of the privacy impact assessment:

We have also prepared a privacy statement for students:

Privacy statement for students

Technical information

What is DI4OL?

DI4OL is an ‘identity broker’. An identity broker passes a user’s login request securely to an identity provider, such as Google, Microsoft, Apple or RealMe (DI4OL is not an identity provider).

Where is my personal information stored?

All data remains stored in the school’s IT system (onsite or online). The very limited information shared by a school with the Ministry for DI4OL is stored in the Ministry’s Azure service in Australia.


To provide feedback, ask a question or seek assistance, email

Last reviewed: Has this been useful? Give us your feedback