Client components can be divided into those that form part of internal applications, and those that form part of public facing applications (such as UA). Components that contain artifacts intended for use in internal applications should not be deployed into public facing applications such as UA. Customisations should be split between internal and public facing client components in order to achieve this. Internal components should never be added to the UA deployment packaging, as this will mean that artifacts intended for caseworkers or administrators will be deployed into the public facing application.
The UA client side artifacts are divided between the citizenworkspace and citizenaccount client components. This is done for good reason: the citizenaccount component includes UIM pages that expose sensitive data to citizens (including life events functionality), whereas the citizenworkspace component includes the artifacts needed to offer triage, screening and online application functionality. Accordingly, if the citizen account functionality is not being used, the citizenaccount client component should not be deployed, i.e. it should be removed from the UA deployment packaging. Please see the Cúram deployment guide related to your specific application server for more information on deployment and deployment packaging. For more information regarding securing citizen account, please see the Citizen Account - Security Considerations section.