Enable Finnish Bank ID in your services
The Finnish Bank ID consists a set of Finnish banks. These are:
Osuuspankki
Nordea
Danske Bank
Handelsbanken
Ålandsbanken
S-Pankki
Aktia
POP Pankki
Säästöpankki
Oma Säästöpankki
Nets is an ID broker and offers all banks through our E-Ident/FTN service. Upon configuration you will be setup with all banks.
Note: Customers offering identification with Finnish Bank ID and Mobiilivarmenne must use the OIDC protocol with encrypted ID Token.
Read more about FTN
here.
Information about the end user
| Birth date |
birthdate Requires: scope=profile | End user's birth date. |
| Family name |
family_name Requires: scope=profile | End user's surname. |
| SATU |
fi_satu Requires: scope=ssn | Finnish unique identification number (sähköinen asiointitunnus). |
| HETU (SSN) |
fi_ssn / ssn Requires: scope=ssn | End user's Finnish personal identity code (henkilötunnus). Read more about
SSN handling. |
| Bank |
fi_tupas_bank Requires: scope=openid | The end user’s bank used in the identification process. |
| Personal identifier | fi_tupas_pid / pid Requires: scope=openid | Personal identifier set by Nets FTN. |
| Given name | given_name Requires: scope=profile | End user's first/given name. |
Full name
| name Requires: scope=profile Note: The name value is constructed of the
given_name +
family_name. | End user's full name |
Level of Assurance
| acr
| Accepts acr_values as urn:eident:acrp:level:high or urn:eident:acrp:level:substantial or urn:eident:acrp:level:low
Always returns- urn:eident:cert:eidas:high
|
| Organisation name |
organisation_name Requires: scope=organisation | The organisation name connected to the user's legal person ID.
Read more. |
Handling of SSN
The social security number (SSN) of an end user can be returned if you are allowed to receive this. This will be determined when you enter into an agreement with Nets or the issuing bank. The SSN is returned as the
fi_ssn and
ssn claim.
Information about organisation
User experience
Bank ID dialogue
Step 1 (select bank - optional page). Note: The picture below is an illustration of this page in pop-up and standalone UI options:
Step 2:
The end user is directed to the bank's identification client. See each individual bank's look and feel when testing the service. When directing the user to the bank's client, the identification is redirected entirely to the bank's identification page.
End user routed directly to the bank's client
You may also design your own bank selection page and skip the page in step 1 above. If designing your own bank selection page, set the
amr_values parameter to
fi_tupas and the
forcebank parameter to the user-selected bank. The different forcebank parameters can be found on the
OIDC page.
Bank logos
If needed, the different bank's logo can be found at these links:
Service Provider NameIf an OIDC signed request is provided with parameter eident_context then this value can be used as Service Provider name for Danske Bank, Ålandsbanken, S-Pankki and Aktia. This service provider name will be shown on bank’s login page. If a value is not provided, then it will show merchant’s name as service provider name.
eident_context should be Base64 encoded JSON in below format-
{
“display_name” : “<ServiceProviderName>”
}
