Skip to main content

What is a Registration Authority (RA)?

What a Registration Authority role entails and why you might need to contact somebody with an RA role.

Page contents

What a Registration Authority does

National IT systems for health and care need to ensure that users of these systems are identified correctly and are given appropriate access. This is achieved by identity verification and creating a national digital identity for each user. The process to doing this uses local ‘Registration Authorities’ which consist of people and processes who are trained to create identities and grant access.

In Public Key Infrastructure (PKI) terms there is a single Registration Authority (NHS England). All organisations that run a local Registration Authority do so solely on a delegated authority basis from NHS England. As NHS England is the single Registration Authority it needs to assure itself that organisations are operating appropriately and discharging their duties in an effective and consistent fashion described in the National RA Policy document.

The RA may be known by a different name in your organisation, such as:

  • smartcard team
  • RA team
  • smartcard authority
  • smartcard provider

In some organisations the Registration Authority may be part of the local IT team.

Registration Authority role hierarchy

There are several roles involved in operating an RA function. In order of hierarchy these are:

  • RA Manager
  • RA Agent (Advanced)
  • RA Agent
  • Sponsor
  • RA Agent ID Checker
  • Local Smartcard Administrator (also known as unlocker)

Graphic of hierarchy of RA roles, with RA manager above and the other roles on the same row below

RBAC codes

RBAC codes are assigned to professional users’ smartcards to give them access to the correct functions within Care Identity Service. The codes that are assigned will allow users to create and process referrals appropriately depending on their job role. In this guidance we have recommended the minimum role or roles that each user will require to carry out the basic tasks of their profession, although more may be required for some users.

Full list of RBAC codes

RA activity

RBAC code

 Recommended level
RA Manager R5080 - Registration Authority Manager

Management

RA Agent (Advanced)

R5090 - Registration Authority Agent

B0274 - Perform RA Activities (Advanced)

Management
RA Agent

R5090 - Registration Authority Agent

Operational
Sponsor

B1300 - Approve RA Requests

Operational

Line management
RA Agent ID Checker

B0267 - Approve RA Requests (Registration Only)

Operational
Local Smartcard Administrator

B0263 - Unlock Smartcards

Operational

Description

RBAC Roles and Activity codes for RA purposes are assigned to the user profiles of RA personnel. This enables them to perform the correct functions within Care Identity Service depending on their role within the RA Hierarchy for their organisation.

Description of each RA role

RA Manager

RA activity

RBAC code

Recommended level
Registration Authority Manager

R5080

Management

Description

RA Manager means an individual appointed by the executive management team (EMT) of an organisation to set up and run the organisation's Registration Authority processes and procedures. They are responsible for ensuring good governance, and report annually to the organisation’s EMT on RA activity.

In addition, they are required to undertake appropriate training to discharge these responsibilities and arrange training for all other RA team members. They are also authorised to verify and create identities, create and assign authenticator tokens, assign access permissions to a user, and perform advanced activities such as position creation and batch access management.

The responsibilities of the RA manager are listed in Appendix 1 of the Registration Authority policy.

RA Agent (Advanced)

RA activity

RBAC codes

Recommended level
Registration Authority Agent (Advanced)

R5090

B0274

Management

Description

RA Agent (Advanced) means an individual who has undertaken appropriate training and is authorised to verify and create identities, create and assign authenticator tokens, and assign access permissions to a user. In addition, they can perform a range of administrative tasks to maintain good RA records and processes, including advanced activities such as position creation and batch access management.

The responsibilities of the RA Agent are listed in Appendix 2 of the Registration Authority policy.

RA Agent

RA activity

RBAC codes

Recommended level
Registration Authority Agent

R5090

Operational

Description

An RA Agent can do everything an RA Agent (Advanced) can do except for advanced activities. An RA Agent also requires the approval of a Sponsor when managing the access permissions of a user.

The responsibilities of the RA Agent are listed in Appendix 2 of the Registration Authority policy.

Sponsor

RA activity

RBAC codes

Recommended level
Approve RA requests

B1300

Operational and line management

Description

Sponsor means an individual appointed by the EMT of an organisation who is authorised to request the creation of digital identities and request the assigning of appropriate and specific access to staff within the organisation with the assistance of an RA Agent. Sponsors can be delegated with the ability to directly assign a pre-defined list of positions to users using Assignable Postions where the assistance of an RA Agent is not required.

The responsibilities of the Sponsor are listed in Appendix 3 of the Registration Authority policy.

RA Agent ID Checker

RA activity

RBAC codes

Recommended level
Approve RA requests (registration only)

B0267

Operational

Description

RA Agent ID Checker means an individual who has undertaken appropriate training and is authorised to undertake identity verification and identity creation only.

Local Smartcard Administrator

RA activity

RBAC codes

Recommended level
Unlock smartcards

B0263

Operational

Description

"Local Smartcard Administrator" means an individual who has undertaken appropriate training and is authorised to undertake 2 face to face administrative processes:

  • reset smartcard passcodes
  • renew smartcard certificates that are due to expire

What each role can do

For an up-to-date list of the roles able to perform each activity, see the index of guidance at the top of the Care Identity Management user guides.

Last edited: 17 February 2025 5:03 pm