Icare software

As advertised on the USI webpage, the AUSkeys that you use to access the USI Registry are being decommissioned on Friday the 27th of March 2020.

This change affects your use of the USI Registry via the USI website and via Icare’s direct connection to the USI services.

There is plenty of documentation available on the USI and ATO websites to help you with the change to AUSkeys. This document will refer you to that documentation, provide some hints that have been collected and outline the Icare specific steps.

Icare is ready

As of version 2.3.15.4, Icare is ready for the replacement to AUSkeys. Icare will continue to work with the AUSkey it currently has and you can give it a new Machine Credential whenever you are ready. If you give the Machine Credential the same password as your AUSkey then no one will notice the change.

New terminology

myGovID

Individuals - directors, managers & staff - that login to a government online service - such as the USI website - will need to create their own myGovID to provide their digital identity.

it’s like the 100 point ID check but on your smart device

Principal authority

This is the first individual to link their myGovID to the RTO’s ABN. This is usually the owner or director listed in the Australian Business Register (ABR).

Once linked to the ABN, the principal authority can authorise other individuals.

Relationship Authorisation Manager (RAM)

Linking the principal authority and authorising other individuals is done in the Relationship Authorisation Manager, from here on referred to as RAM.

A common authorisation would be authorising access to the USI website.

Authorisation administrator

The principal authority can delegate the management of authorisations to someone else, that person is referred to as an Authorisation administrator.

Machine Credential

Icare does not have a phone and so cannot login with a myGovID. Icare is given a Machine Credential instead. This can also be referred to as a Machine-2-Machine credential or M2M credential.

Machine credential administrator (MCA)

The Machine Credential needed by Icare can only be created by the principal authority or a Machine credential administrator (MCA). The principal authority may delegate this authority separately than the Authorisation administrator authority.

What do I need to do?

  1. Create an myGovID

  2. Link your business in RAM

  3. Delegate to an Authorisation administrator and/or Machine credential administrator

  4. Authorise others to access the USI website

  5. Create a Machine Credential for Icare

  6. Import Machine Credential into Icare

Each of these steps is expanded upon below.

Step 1. Create a myGovID

Who

principal authority, Authorisation administrator, Machine credential administrator, USI website users

Where

https://www.mygovid.gov.au/

Guide

How do I set up a myGovID?

Your myGovID will be linked to your email and mobile phone. The email used does not have to be your RTO email address, I would suggest using your personal email address. . Your myGovID can be used as your digital identity whilst acting on behalf of organisations other than the RTO, such as your local cricket club or family trust.

Who

principal authority

Where

RAM

Guide

Principal authority under the Sole trader or eligible individual associate heading

As the principal authority, you need to link your myGovID to the RTO’s ABN before you can authorise others to access government online services on behalf of the RTO.

Tip
If you have trouble linking the RTO’s ABN, please review the Before you start section of the Guide linked above.

Step 3. Delegate to an Authorisation administrator and/or Machine credential administrator

Who

principal authority

Where

RAM

Guide

Set up authorisations under the Creating a new authorisation heading

As the principal authority, you can optionally delegate authorisation management and Machine Credential creation to someone else.

Tip
In Step 2 of the Add authorisation process tick Authorisation administrator and/or Machine credential administrator as appropriate.

Step 4. Authorise others to access the USI website

Who

principal authority or Authorisation administrator

Where

RAM

Guide

Set up authorisations under the Creating a new authorisation heading

If any staff, other than yourself as the principal authority or Authorisation administrator, need access to the USI website then you need to authorise them in RAM. Staff may use the USI website for the following tasks:

  • Create, Search for and Verify a USI,

  • Download latest suburb/postcode data for Icare.

Tip
In Step 3 of the Add authorisation process look for Unique Student Identifier Organisation Portal under the Department of Education, Skills and Employment agency. Tick Full next to the agency.

Step 5. Create a Machine Credential for Icare

Who

principal authority or Machine credential administrator

Where

RAM

Guide

How to install a Machine Credential

Important
Make sure you install the software before logging into RAM. You will need to restart your browser and confirm the new plugin before logging into RAM.

The software is available from Before you start section of the Gude.

Tip
The keystore path is where the machine credential will be saved. This will be pre-filled in but can be changed if required. I would suggest you leave the default path but copy it or write it down so you can use it in Step 6.
Tip
The keystore password is the password Icare asks for whenever a user performs a USI related action. This password is shared by all users of Icare so do not use a personal password.

Step 6. Import Machine Credential into Icare

Who

Icare user

The Machine Credential created in Step 5 can be imported into Icare by:

  • Log into Icare,

  • click Management,

  • click USI Settings (lower, right),

  • click Import Machine Credential,

  • locate the Machine Credential file:

    • if you copied the keystore path in Step 5 then paste it into the Filename box,

  • click the Open button,

Icare will load the Machine Credential and show it’s details on screen. Check that the Not After date is after March 2020.