Department of Veterans Affairs

Supporting Digital Transformation Through Modernization of the VA.gov Authentication Experience

SSO Applications Integrated

Over 50

Security Standard Compliance
NIST SP 800-63-3
Sign-in Partners Added
Login.gov and ID.me
Coverage Extended
SSO and SLO for eBenefits, MyHealtheVet, Oracle Cerner EHR

Context

The Department of Veterans Affairs (VA) is dedicated to transforming its user-facing digital tools to rival the private sector’s best experiences. As part of this initiative, VA overhauled VA.gov to create a veteran-centered platform and improve overall accessibility and usability. A cornerstone of this effort was the development of an integrated and seamless authentication experience to simplify access to services while enhancing security.

Challenge

The existing sign-in process for VA services was fragmented, requiring veterans to navigate multiple pathways and re-authenticate across different applications. To address these challenges, VA needed a solution that:

  1. Supports Single Sign-On (SSO) and Single Logout (SLO) across VA.gov, eBenefits, MyHealtheVet, and the new Oracle Cerner electronic health record (EHR) system;
  2. Includes Login.gov as a sign-in partner alongside ID.me;
  3. Supports policy-based access for both identity-verified and non-identity-verified users; and
  4. Enhances security for legacy credential options.

Expanded SSO coverage to include VA.gov, eBenefits, MyHeatheVet, the Oracle Cerner EHR system, and over 50 additional VA applications.

Solution

greenthreads expanded VA’s federated authentication service by implementing a “broker” model that supports a unified SSO session across all consumers using standards-based integrations such as SAML and OIDC. This approach ensured that VA.gov could seamlessly initiate authentication requests while maintaining interoperability with multiple sign-in partners, including Login.gov and ID.me.

Our team advocated for and ultimately delivered a fully standards-based solution (leveraging modern authentication patterns). The enhanced federated SSO solution enabled VA.gov users to initiate authentication directly or transparently join an existing SSO session. Additionally, policy-based authorization rules were introduced to control access to content based on user assurance levels, ensuring appropriate permissions for identity-proofed accounts. The SLO functionality provided seamless logout across VA’s SSO and associated login partners.

Result

  • Expanded SSO coverage to include VA.gov, eBenefits, MyHealtheVet, the Oracle Cerner EHR system, and over 50 additional VA applications.
  • Delivered a secure solution based on standards, preventing accumulation of technical debt and ensuring long-term maintainability.
  • Introduced SLO capability, enabling seamless logout from both VA and login partner sessions and further strengthening security posture.
  • Integrated Login.gov as a sign-in partner, and meeting NIST SP 800-63-3 standards for identity assurance.

SSO Applications Integrated

 Over 50

Sign-in Partners Added

Login.gov and ID.me

Coverage Extended

SSO and SLO for eBenefits, MyHealtheVet, Oracle Cerner EHR

Benefit

Green Threads has played a pivotal role in streamlining and securing the sign-in experience for veterans. By advocating for and delivering a standards-based solution, we have ensured a scalable and maintainable system that meets federal security mandates while providing a modernized, user-friendly platform. This effort simplifies authentication processes for veterans, reduces the need for multiple credentials, and upholds the highest security standards.