Contact Us
Get a Free Trial

The Nevis Experience
for KStA

(Kantonales Steueramt Kanton Zürich)

Download the KStA Story

Initial Situation

While KStA employees have long been using a SmartCard with an electronic certificate for identification and to gain access to tax office web applications, municipality employees have thus far been forced to rely on the comparatively less secure ID and password login process. Now, they’ve also been provided with a secure and passwordless login process to access business applications. Nevis, the Swiss market leader for Identity and Access Management, and its partner AdNovum, which has been working closely with the Tax Authority since 2005, were entrusted with the execution.

Secure login for municipality employees is the latest element of the eIAM infrastructure, the central access and authorization system of the Cantonal Tax Authority Zürich for web applications, which has been steadily developing since 2013. In addition to nevisProxy and nevisAuth for authentication and authorization, eIAM also includes nevisWF and a web application (GUI) for maintaining permissions, including the consent process. This was the basis for the decision to implement 2FA for municipality users with the Nevis Authentication Cloud and an access app.

Michael Sonderegger

«We’ve clearly been able to increase user authentication security. In our opinion, the solution provides users with a convenient, simple, and secure way to authenticate themselves.»
Michael Sonderegger, In charge of IAM, KStA

Solution

The Nevis Security Suite is a combination of the Identity Suite and the Authentication Cloud, which can be flexibly adjusted to a range of diverse requirements. The suite is installed upstream of the existing infrastructure and adds an additional layer of security by controlling all user access to the business applications. Authentication and authorization are at the heart of successful Customer Identity and Access Management. Nevis consists of a secure entry gateway, combined with a web application firewall and an authentication service.

The FIDO-certified Nevis Authentication Cloud extends the KStA infrastructure with passwordless authentication and transaction signing as a service. This makes it possible for employees to sign in without a password. Since they only need their mobile phone with a security chip for the multi-factor method, the process is more comfortable and more secure than outdated username and password processes.

The entire execution and implementation of the solution began in spring of 2020 and lasted around six months. Since the go-live in August 2020, around 350 municipality employees have been using passwordless authentication. At the same time, KStA employees can still use the secure login via their SmartCard with a certificate.

About KStA

The Cantonal Tax Authority Zürich (KStA) is responsible for enforcing federal, cantonal and municipal taxes as well as inheritance and gift taxes, withholding taxes, supplementary taxes, and tax penalties. Beyond that, the KStA oversees and supports municipal tax offices with their tax collection processes. Within the scope of its activities, the Cantonal Tax Authority also provides municipal tax offices with web-based business applications and tax-relevant personal and declaration data.

More Success Stories

Healthcare and Life Sciences
MediData - protecting healthcare data for service billing
MediData - protecting healthcare data for service billing
How the Nevis Identity suite protects MediData’s network and provides users with a secure and password free access to their web applications.
Government
Canton of Zug – ZUGLOGIN and the eZug App
Canton of Zug – ZUGLOGIN and the eZug App
How the Canton of Zug saves time and money with Nevis-protected user accounts for the administration and its customers. And increases its online offerings.
Banking
PostFinance – Passwordless Access to Accounts
PostFinance – Passwordless Access to Accounts
How PostFinance doubled the number of customer interactions thanks to Nevis. Once the account is activated, the customer logs in securely via fingerprint.