EIC Identity Services
In line with the Singapore Government’s National Digital Identity (NDI), Ecquaria Integration Centre (EIC) comes with a suite of products built for identity management in government systems. It includes Singpass/Corppass (SP/CP) SAML 2.0, Singpass/Corppass OIDC RP, Myinfo, Government Active Directory (GovAD), Document Signing.
One Management Console, Many Identity Add-Ons (E.g. Singpass OIDC, WOG ADFS)
With a single management console installed, agencies can simply add on identity management features required such as Azure Active Directory (Azure AD), Whole-of-Government (WOG) ADFS, Myinfo, Government Enterprise Data Hub (GovEDH), Digital Signing and future government-related identity services.
EIC products are designed to be multi-tenanted and can be deployed as a common service with a single Management Console managing multiple tenant profiles secured with Role-Based Access Control (RBAC).
The cloud-native product is deployable in all Singapore Government environments and supports Linux, Docker Swarm, Kubernetes, and Windows for all. EIC also supports all 3 cloud service providers under the Government Commercial Cloud (GCC) and their relevant container services:
1. Amazon Web Services (AWS): Elastic Kubernetes Service (EKS) on Fargate and EC2, Elastic Container Service (ECS) on Fargate and EC2
2. Azure: Azure Kubernetes Service (AKS)
3. Google Cloud Platform (GCP): Google Kubernetes Engine (GKE)
Fast and Simple Integration with Singpass/Corppass OIDC
EIC is a multi-tenanted solution that can be deployed as an agency-wide common service. With the management console deployed as the agency’s common infrastructure, each government application can onboard Singpass OIDC in as fast as 2 weeks.
Supports Various Singpass OIDC Deployment Scenarios
We understand that with technology, there is no one-size-fits-all approach. EIC supports multiple SP/CP deployments scenarios, be it single project deployment, agency-wide common service or sharing of digital service IDs.
Single Project Integration with Singpass OIDC
EIC OIDC wraps the underlying complexities of encryption, digital signature and certificate exchange into a simple REST call.
Agency-Wide Singpass OIDC Common Service
With EIC OIDC installed in the common integration tier, all applications within the agency can leverage the common service and be onboarded in as fast as 2 weeks.
Sharing of Singpass OIDC Digital Service ID
EIC OIDC supports the scenario where more than one application shares a single SP/CP Digital Service ID. The EIC proxy redirects the request back to the original application.
Cloud-Native Solution for All Your Singpass OIDC Needs
EIC OIDC is a cloud-native solution that is deployable in all Singapore Government environments.
For the Government Commercial Cloud (GCC), EIC supports all 3 Clouds under the Government Commercial Cloud (GCC): Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP) and their relevant container services.
1. AWS: Elastic Kubernetes Service (EKS) on Fargate and EC2, Elastic Container Service (ECS) on Fargate and EC2
2. Azure: Azure Kubernetes Service (AKS)
3. GCP: Google Kubernetes Engine (GKE)
Linux, Docker Swarm, Kubernetes, and Windows are supported for all environments, be it GCC, Government Private Cloud (GCP), Government Data Centre (GDC) or individual agency’s data centres.
Additional EIC OIDC Features
Automated Certificate Rotation
Singpass/Corppass Mock Server for Integration Testing
Separate Management Console
Transaction Logging for Audit Trail
Seamless Integration with WOG AD
EIC GovAD integrates with the various Whole-Of-Government Active Directory (WOG AD) authentication options such as WOG Active Directory Federation Services (WOG ADFS) and Azure Active Directory (Azure AD). EIC GovAD provides the authentication options in a form of RESTful APIs, requiring minimal changes or implementation of complex authentication frameworks on the existing web application.
All intranet applications can leverage the government user accounts centrally managed at WOG AD. All staffing details and changes are effected in a single place regardless of the authentication option.