How does it work?
Agencies can continue to host their own apps and integrate with Sector Link as the identity provider, or Agencies can host their Apps within the Sector Link tenant. Sector Link supports software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) based apps.
User authentication will then occur at your home agency and authorisation will occur at Sector Link.
Sector Link’s single sign-on enhances the user experience, and existing multi-factor authentication (MFA) configurations are trusted, eliminating the need for further set-up.
To request the registration of an application, get in touch by submitting a request.
View the application communications workflow graphic. (PDF 188.27KB)
App onboarding processes commence
1. App onboarding
Supports:
- SaaS cloud-based app
- System for Cross-Domain Identity Management (SCIM)-compliant app
- Legacy application hosted on IaaS or on-premises
(Optional: New subscriptions for Sector Link–hosted apps and vNet/IP address allocation, as required)
2. App lifecycle operations
- Access packages designed
- Certificates created
- Microsoft Sentinel onboarded
- Identity governance configured
- Purview Information Protection deployed
3. Enterprise app registration
Supported Patterns include:
- Entra ID gallery – pre-built identity integrations for thousands of existing SaaS apps
- Custom enterprise app registration with OAuth, OpenID Connect or SAML authentication protocols
- Complex, integrated (via app proxy) or LDAP authentication protocols for legacy applications
User onboarding processes commence
4. User provisioning
Supported Patterns include:
- Automatic synchronisation of users and assignment of app permission/roles
- Manual – legacy authentication using Entra ID services
5. User application access
- End user application access and authorisation
User login processes commence
1. User account log-in
- End user logs in via application front-end (URL)
2. Authentication
- Single sign-on Via Entra ID with cross-tenant sync to end user’s Azure Active Directory home tenant identity
Technical overview of Sector Link
Sector Link provides an improved user experience, allowing NSW Government employees to sign into centrally managed applications using their existing credentials.
This enhances the NSW Government’s cyber security posture as there is no need for users to create multiple accounts for different applications.
Sector Link stands independently and is resilient to Machinery of Government (MOG) changes, meaning changes to department or agency structure do not require costly technical configuration.
Sector Link facilitates external collaboration between government agencies, eliminating the need for separate identities and enabling seamless application sharing. Sector Link has been designed from the ground up to support secure, standards-based Identity Federation and interoperability. It can be likened to a Digital Switzerland, that acts as a central authentication provider for all of NSW Government.
Sector Link's security controls comply with the NSW Cyber Security Policy, specified in the NSW Cyber Security Policy 2023-2024.
Sector Link trusts the MFA configuration from supported home agencies, eliminating the need for additional set-up while maintaining the same level of security.
Sector Link manages data in accordance with requirements of the NSW Cyber Security Policy, specified in the NSW Cyber Security Policy 2023-2024.
If you are an Application Owner, how to manage and administer access to your Application is covered in the App Owner documentation and during training, which will be provided as part of the onboarding process.
Yes. Sector Link is a NSW State Digital Asset and the preferred identity provider for applications that need to be accessed by multiple NSW Government agencies or departments.
Sector Link is free for users to access applications, but there is a small cost to onboard applications if you are an app owner.