Case study

Zero Trust Digital Identity for Defence

Data Led, Digitally Ready, Mission Focused 

CACI partners with UK Government across National Security, Defence, Central Government, and Critical National Infrastructure, covering multi-cloud environments (including Azure and AWS stacks) and authentication-centred solutions. CACI designs and delivers secure digital identity services for complex, multi-classification estates: modernising legacy access, enabling cloud adoption, and protecting missions with Zero Trust.

What we do  

  • Zero Trust architecture for defence environments: no implicit trust, continuous verification 
  • Centralised IAM using Digital Identity for Defence (DIfD) with a multi-tenant Keycloak broker (dev / pre-prod / prod) 
  • Federation & integration with Google Workspace, OneLogin, and legacy directories/applications 
  • Access at scale: policy-driven RBAC/ABAC, SSO, adaptive MFA, OIDC/SAML for diverse apps 
  • Cloud-native platforms (e.g. Azure/AWS): auto-scaling, resilience, audit, disaster recovery, data sovereignty 
  • End-to-end delivery: stakeholder workshops, risk/requirements analysis, governance, and post-implementation support 

Proven in Defence

Secure identity for multinational deployments and thousands of users; faster, safer access with strong audit and compliance.

Operational Systems: Zero Trust Digital Identity Modernisation

Challenge

The MOD faced significant technical and operational challenges in modernising its digital identity, particularly the infrastructure used during Operational Deployments. Key issues included: fragmented identity systems creating security risk and inefficiency; eliminating implicit trust by moving to a Zero Trust model; enforcing access control across multi-classification security domains; supporting a multinational deployment; integrating legacy systems with modern cloud services; and scaling securely to thousands of users. CACI was asked to lead architectural design and delivery of a tailored Zero Trust framework.

Solution & approach 

  • Ran stakeholder workshops, risk assessments, and requirements analysis for J3/5/6, including a review of legacy-to-cloud integration challenges. 
  • Deployed a skilled team of Cloud Architects & Engineers to ensure continuity, robust governance, and ongoing post-implementation support. 
  • Implemented a cloud hosting solution centred on Digital Identity for Defence (DIfD), using a multi-tenant Keycloak broker with realms for development, pre-production, and production. 
  • Delivered federated identity integration with Google Workspace, OneLogin, and legacy systems. 
  • Applied a Zero Trust framework with policy-driven access control, strict app-level authentication/authorisation, continuous user/device verification, and real-time threat detection. 
  • Enabled SSO, adaptive MFA, OIDC/SAML for broad application coverage, on a scalable cloud-native architecture. 

Outcomes / benefits

  • Enhanced security by removing implicit trust, centralising identity, and enabling granular access controls 
  • Improved operational efficiency through automated provisioning, single sign-on (SSO), and seamless cloud/legacy integration 
  • Supported the UK’s contribution to a multinational deployment with strong audit trails and compliance 
  • Cloud infrastructure aligned with UK standards, ensured data sovereignty, enabled auto-scaling, and provided disaster recovery 

To learn more about our work in defence and national security, get in touch with our team today.