Digital identity for online learning (DI4OL) and MyAko
DI4OL gives people safe and secure access to online education-related services.
| Level of compliance | Main audience | Other |
|---|---|---|
|
Inform
|
|
|
- Purpose of DI4OL and MyAko
- Definition of technical terms
- What DI4OL does
- How DI4OL helps students and other users
- MyAko and how does it helps students
- Who can use DI4OL and MyAko
- Information is shared with DI4OL
- Privacy
- What schools need to know
- Technical information
- Contact
Purpose of DI4OL and MyAko
Digital applications need to confirm that a person is who they say they are. This is especially important for school assessments and results.
We want to make sure everyone’s:
- personal information is kept private
- digital information is safe.
DI4OL gives people safe and secure access to online education-related services. It makes it easier for you to log in to applications and helps the application know you are supposed to have access.
MyAko is a portal for students to access application that use DI4OL from one place with one login.
Definition of technical terms
Here are some of the terms used on this page.
- Personal information: any information about a person that allows someone to identify them. Personal information doesn’t have to include their name. It could be something like their phone number, home address, or gamertags.
- Identity provider: a service that confirms you are who you say you are online, such as Google, Microsoft, Apple and RealMe.
- Portal: a web page that connects you to other sites
- Application: often called an 'app'.
- Login details: often called login credentials, this means your username and the information you enter to authenticate yourself, such as your password, passphrase, or authentication app.
- National Student Number (NSN) – a number assigned to each person when they first go to an early childhood education centre or primary school.
What DI4OL does
DI4OL acts as a go-between. When you log in to an application, it redirects your login request to an identity provider. This means you can use your login details for your school or personal account to access the application.
Applications need to be set up to use DI4OL (and MyAko). DI4OL only collects the minimum required personal information so DI4OL can work.
DI4OL provides additional security features which make it easier and more secure for schools to exchange information with applications and limits the information applications can request from schools.
How DI4OL helps students and other users
DI4OL helps students and other users by:
- allowing you to use your usual login details when you log in to an application that uses DI4OL, rather than having to set up new ones
- reducing the risk of privacy and security breaches
- giving applications more confidence that you are who they say you are.
MyAko and how it helps students
MyAko is a portal for applications that use DI4OL. It allows students to:
- access and log in to some educational applications through one web page
- link a personal account so they can access specific applications after they have left school.
Who can use DI4OL and MyAko
DI4OL and MyAko were successfully tested in some secondary schools in 2023. DI4OL and MyAko will be used with some applications in 2024. We will add more information as it becomes available.
Schools opt in to using DI4OL and MyAko.
Information is shared with DI4OL
The information that is shared with DI4OL depends on what user verification is needed by the application that is using DI4OL. The Ministry will always make sure that shared information is always limited to the information necessary for the DI4OL service to work.
Applications that allow access for subscribed schools
Some applications that use DI4OL will give you access if your school has subscribed to the application. Depending on the application, they may need to know your name, or email address, or what class you are in (such as requiring you to enter a class code). No other information is shared though DI4OL for these applications.
Applications that allow access for specific users
Some applications require each user to be registered with them. DI4OL does not share any personal information with these applications, other than the user’s name and email address.
Applications that need a school student’s identity verified
If an application that uses DI4OL needs to know which school student is accessing the application, the school will share the student’s full name, their school email address, and whether the address has a date of birth and a National Student Number assigned to it.
Privacy
DI4OL has been designed to protect personal information, including minimising the information that is shared for DI4OL to work. We have completed a privacy impact assessment in consultation with the Office of the Privacy Commissioner.
There are 2 versions of the privacy impact assessment:
- Privacy impact assessment – Full report [PDF, 4.6 MB]
- Privacy impact assessment – Summary in plain language [DOCX, 1.3 MB]
We have also prepared a privacy statement for students:
Privacy statement for students
What schools need to know
To use the DI4OL service, schools need to opt in.
More information about the specific technical requirements for different DI4OL and MyAko uses will be available in 2024.
Technical information
What is DI4OL?
DI4OL is an ‘identity broker’. An identity broker passes a user’s login request securely to an identity provider, such as Google, Microsoft, Apple or RealMe (DI4OL is not an identity provider).
What does DI4OL provide?
DI4OL can be set up to confirm the user trying to access an application is:
- from an allowed education institution such as a school, OR
- the right person to log in with their school or personal account, OR
- a specific student.
Specific school required
Some applications that use DI4OL will give you access if your school has subscribed to the application. Depending on the application, they may need to know your name, or email address, or what class you are in (such as requiring you to enter a class code). No other information is shared though DI4OL for these applications.
This method will mostly be used if you use a school or an account from another education organisation to access the application.
Specific user name is used
Some applications will require you to register. The application will check you are on their list of users, and DI4OL will pass you to the identity provider linked to your email address.
This method may be used if you use a school or personal account to access the application.
Specific student identity is verified
Some applications for students will require DI4OL to verify the identity of the school student. This is done by checking that your school account has an assigned National Student Number and date of birth in your school’s system. In this case, your school account is acting as an identity provider. DI4OL does not see these details.
This method will be used when students are logging in to an application that includes access to their assessments and results, or to the student’s other personal information.
Where is my personal information stored?
All data remains stored in the school’s IT system (onsite or online). The very limited information shared by a school with the Ministry for DI4OL is stored in the Ministry’s Azure service in Australia.
More technical information
If you would like more technical information on how DI4OL uses and protects personal information, email DI4OL.project@education.govt.nz.
Contact
To provide feedback, ask a question or seek assistance, email DI4OL.project@education.govt.nz.
Last reviewed: Has this been useful? Give us your feedback