Information

You appear to be using an unsupported browser, and it may not be able to display this site properly. You may wish to upgrade your browser.

About ScotAccount

ScotAccount allows your users to sign in and, if it’s necessary, verify their identity so they can access your service.

By using ScotAccount: 

  • your service will not need to build and maintain your own user authentication and verification systems
  • your users will not need to manage multiple sign in details or go through repeated identity verification for different services

What ScotAccount offers

Sign users into your service

ScotAccount signs in and authenticates each new and returning user, so your service does not have to.

Users need an email address and phone number to create and sign-in using two-factor authentication (2FA). 

You can use the 'sign in' functionality on its own for your service. You do not need to use identity verification. 

Verify the identity of your users

You can also verify the identity of your users, if it’s necessary for your service. This allows you to confirm that your users are who they say they are.

You have to use the ScotAccount 'sign in' to verify the identity of your users.

When verifying their identity with ScotAccount, users will not need to download any app or additional software.

Our standards

ScotAccount is build and maintained to industry standards. It offers: 

  • modern privacy and ethics respecting standards that are permissions-based at all times
  • smooth access to public services whilst promising that end users’ information will never be used by private organisations for other purposes
  • two-factor authentication (2FA) for extra account security
  • self-service password reset and recovery
  • data minimisation, including ethical and privacy protecting measures for users
  • ongoing support and security monitoring
  • an experience that meets Digital Scotland Service Standards and is in line with the Digital Scotland Design System
  • a service that meets Scottish Government Identity Management and Privacy Principles
  • time and cost savings across the public sector

ScotAccount is also compliant with current security and technical benchmarks. This includes:

  • OpenID Connect (OIDC) authentication
  • WCAG 2.1 level AA accessibility
  • Good Practice Guidance 44 & 45 Medium
  • Scottish Public Sector Cyber Resilience Framework (Advanced Tier)
  • National Cyber Security Centre Cyber Assurance Framework (NCSC CAF)
  • alignment with CSA STAR

Charges

There is no charge to use ScotAccount, either for you or your users.

Back to top