Secure and User-Friendly Mobile Identity Provider Solution for NIST-Compliant Authentication and Authorization


CTG was tasked with developing a mobile application for a large government agency. The challenge was to create a secure and user-friendly mobile identity provider solution that complied with the National Institute of Standards and Technology (NIST) standards for authentication and authorization. The solution needed to provide a high level of confidence in the user's identity and ensure a smooth and intuitive user experience.


Federal Government

Domains of Expertise

Security & Identity, Human-Centered Design, UX, & Design, Mobile Apps, Software Development

Tools and Technologies

TypeScript, React Native, Java, Spring Boot, Keycloak, HTML, CSS, and TypeScript. Elastic Kubernetes Service (EKS), Relational Database Service (RDS), CloudWatch, CodeBuild

Strategy & Solution

To address the challenge, CTG's team adopted a human-centered design approach. We conducted discovery sessions to understand the problem and collaborated with the government agency to align our solution with the needs of real users. Our team identified different user personas and analyzed their behaviors, motivations, pain points, and goals. This understanding guided the design and development of the solution.

Our solution leveraged the OpenID Connect (OIDC) authentication protocol and provided a secure Identity Provider (IdP) that operated at the NIST Authenticator Assurance Level (AAL) 2. The IdP allowed users to create and log in to their accounts and access a secure mobile application relying party (RP). The user interface (UI) of both applications was designed to be clean and intuitive, ensuring a user-friendly experience.

The Results

Intuitive User Experience

We utilized a human-centered design approach to meet the needs of real users and provide an intuitive user experience.

Surpassed Enhancement Goals

Achieved high code coverage for different components, exceeding the government agency's target and enhancement goals.

Ensured Quality

Ensured inbuilt quality through usability tests, functional manual tests, automated front-end scripts, and various types of testing activities.

Contact Us

Let's Create Your Next Success Story

We’ll work with you to deliver a product built on technological experience, the research know-how, with built-in measurable results.