Auth User Guide

This document describes HMPPS Auth, how it can be used and what you must consider before integrating with the service.

About HMPPS Auth

HMPPS Auth is for accessing HMPPS digital services, which include Digital Prison Services (DPS) and probation services.
This service can be used to authenticate users who need to use any of HMPPS’ digital products and legacy applications, such as Delius.

You can use HMPPS Auth to:

  • Authenticate your service so that it can access the data it needs via HMPPS APIs
  • Provide users with access to your service

Before you start

When you are designing your service your user research should consider:
  • How will your users access your service? What kind of user accounts will they need? Do they work in prison or probation or are they external to MoJ? Do they already have NOMIS and/or Delius accounts?
  • How will you provide your users with the permissions they need to access and use your service? How will these be allocated and managed?
  • How will your users find your service? And how will they find out how to get help and support?
  • What data will your service use, and from which existing APIs? How will it identify and authenticate itself so that it is allowed to access this data?

User accounts

To access HMPPS digital services, users need to sign in and have the appropriate role(s). Roles provide permission to access services and determine what a user can do in a service.

Users can sign in to HMPPS Auth with a:
  • Digital Prison Services (DPS) account - this allows users to sign in with their NOMIS username and password
  • Probation account - this allows users to sign in with their Delius username and password
  • HMPPS Auth external account - for users that do not have a NOMIS or Delius account or are external to the Ministry of Justice, for example the police or external prison training providers

Some services need to be accessed by a mixture of users. For example, a service might be used by both prison and probation staff and the police, which means users may access the service by signing in with a NOMIS, Delius or an external account.

DPS users

Digital Prison Services (DPS) users sign in to HMPPS Auth with their NOMIS account. NOMIS is a system for managing people in prison.

DPS users can:

  • sign in to HMPPS Auth with their NOMIS username and password
  • use HMPPS Auth to reset their NOMIS password and request an email reminder of their NOMIS username
  • be allocated digital prison service (DPS) roles
  • manage other DPS user accounts, providing they have the right role (permission) to do this

When designing your service you should consider whether any of your users have a NOMIS account.

While most prison staff will already have a NOMIS account, some prison staff might not use NOMIS. And some prison staff that have NOMIS accounts do not use the legacy NOMIS system.

To find out how to onboard DPS users see onboarding users.

To find out how to create NOMIS user accounts in the Auth developer environment see Testing your service.

Users that sign in with a Delius account

Delius is a probation case management system, which is mainly used by probation staff but some prison staff also have Delius accounts.

Delius users:

  • can sign in to HMPPS Auth with a Delius username and password
  • automatically have the probation role, which means they can access any digital services that are available to users with this role
  • cannot be allocated additional roles
  • can change their Delius password in HMPPS Auth. This new password can then be used to sign into Delius too.
  • cannot change their email address in HMPPS Auth.

Auth external accounts

  • are for users that don’t have a NOMIS or Delius account or are external to the Ministry of Justice. For example, users that work for charities, education or housing providers that work with people that are in or leaving prison.
  • can sign in with an email address and password
  • can change their email address and password
  • can be allocated an external role(s)
  • can be added to a group
  • can manage groups, providing they have the right role (permission) to do this
  • can manage other external users, providing they have the right role (permission) to do this

External accounts are not suitable for users that have:

  • A Delius account
  • A NOMIS account

We have a hierarchy of external users to make the administration of user accounts simpler. Application support can create group managers, who are then responsible for creating and managing users within their own group.

To add a new type of user we would normally suggest:

  • Add a new group (or set of groups) for the new users
  • Identify support staff that would be able to administer the users, create accounts for them (if necessary) and give them management privileges within those groups

We have scripts for bulk creation of groups and users if required. Please contact the tech team for further information.

Users that have multiple accounts

Some users have both a NOMIS and a Delius account. This means that some users can see and access different digital services depending on which account they sign into HMPPS Auth with. For example, a user that signs into HMPPS Auth with their Delius account will only see services that are available to Delius users, even if these services are also available to NOMIS and external users. To access services that are only available to NOMIS users they will need to sign in to HMPPS Auth with their NOMIS account.

We are working on improving the user journeys for users that have multiple accounts.

This page was last reviewed on 04-Sep-2024, next review will be on 04-Dec-2024.