When it comes to confidential tax data, security must always be a top priority. In the Swiss canton of Zurich, it is the job of the Zurich Cantonal Tax Office (KStA) to collect federal, cantonal and municipal taxes, and they use various specialist applications to do this. To make it easier for employees of the municipal tax offices to access these applications, the KStA has been using the Nevis Security Suite since 2020. It lets them log into the applications without needing to enter a password – an enormous security boost in terms of authentication.
The collaboration between Nevis and the Zurich Cantonal Tax Office began back in 2005, when the Nevis partner Adnovum developed a software solution that allowed the authority to process and manage tax dossiers.
By 2013, the tax office was working with several specialist applications, each with its own user administration – but that created silos. At the same time, there was a desire for improvements such as a better overview of the authorisation relationships and more efficient user management for the existing applications. In addition, the offices wanted to increase security and create a future-proof platform with a standardised way to integrate new applications.
To meet all these needs, they began successively building up an eIAM infrastructure in 2013. This is based on a central access and authorisation system for the Zurich Cantonal Tax Office. eIAM uses applications such as nevisProxy and nevisAuth for authentication and authorisation. The secure login solution for employees of the municipal tax offices is a new component in this eIAM structure.
2FA authentication for municipal users
When it came to implementation, the decision-makers at the KStA opted to extend 2FA authentication to users in the municipal tax offices as well, with the Nevis Authentication Cloud in addition to an access app. Previously, the municipal users had always logged in with a user name and password, while the KStA staff already used an electronic certificate for authentication.
Adnovum brought Nevis on board for the implementation. The Nevis Security Suite that was implemented combines the benefits of the Nevis Identity Suite with those of the Nevis Authentication Cloud. Thanks to its modular structure and open interfaces, it adapts flexibly to a wide variety of requirements and can be connected upstream of any existing infrastructure. This means, as in the case of the KStA, all access to the specialist applications can be controlled and an additional layer of security can be created.
It’s all about authentication
The success or failure of any customer identity and access management system hinges on the type of authentication and authorisation it employs. That is why the Identity Suite combines a secure entry gateway with a web application firewall and an authentication service.
The FIDO-certified Nevis Authentication Cloud extends the KStA infrastructure with passwordless authentication and transaction signing. Employees need nothing but their mobile phone with a security chip for multi-factor authentication. This makes the process more convenient, reliable and secure than the old method.
All in all, the entire implementation process took about six months. Teamwork was the key. Working together with the KStA, Adnovum’s first step was to install the solution in its integration environment. Afterwards, the integration and tests took place at the KStA. There was no need for any special adaptation to the local conditions to prepare the solution for use by the municipal workers. As a participant in the “Early Adopter – Nevis Mobile Authentication Cloud Solution” programme, the KStA uses the branded access app.
Since the system went live in August 2020, around 350 employees at the municipal tax offices have been able to log into the KStA’s specialist applications without having to use a password, making the process more convenient and secure than in the past.