BankID (SE)

​​​Used by almost 8 million Swedes, BankID has become a household brand and a highly trusted digital identification and signing s​​ervice for Swedish citizens.​ Almost 7 million has a mobile BankID and this eID was used in 96 % of logins and signings. It is also available as BankID on file and BankID on card.​​

​Enable BankID in ​your services

To enable BankID to login using E-Ident it is necessary with a merchant certificate ("förlitande certifikat") to be used in the communication between E-Ident (on your behalf) and with BankID. Nets is reseller of BankID and will help establish this certificate. 

More information about BankID:

Merchant certificate ​​​​("Förlitande certifikat")

​BankID agreement through Nets as reseller

​To establish the "Förlitande certifikat". Nets need the following information:

  • Your organisation name 
  • Certificate display name (this is visible in the BankID security application during the end user's login)
  • ​VAT number
Nets will handle the communication with a bank issuing the certificate. 

BankID agreement directly with an​​​ issuing bank​

It is also possible to have a BankID agreement directly with a bank issuing BankID. You will need to enter into an agreement with the bank. To establish the "Förlitande certificat", these steps must be done:

  1. ​Provide Nets with information about your organisation name, VAT number, certificate display name (visible during end user login) and the bank name.
  2. Nets will generate a certificate request based on this information and send it to you.
  3. You need to forward this certificate request to your bank. Do not make your own certificate request.
  4. ​The bank will issue the certificate based on the certificate request. Please forward this to Nets. 
  5. Nets will install and setup you configuration with BankID. 

Test "Förlitande certifikat"

​Nets has a default test certificate that all customers can use. This will be set up during configuration, and you do not need to do anything.

BankIDs for end users 

BankID for end users are available as either BankID on file, BankID on card or mobile BankID. The client used can be deducted from the CERTPOLICYOID attribute in the SAML assertion or from the certpolicyoid​ in the OIDC ID Token.

These are the possible values (from BankID's own documentation):

The values for production BankIDs are:

  • "1.2.752.78.1.1" - BankID on file
  • "1.2.752.78.1.2" - BankID on smart card
  • "1.2.752.78.1.5" - Mobile BankID
  • "1.2.752.71.1.3" - Nordea e-id on file and on smart card.

The values for test BankIDs are:

  • ​"" - BankID on file
  • "" - BankID on smart card
  • "" - Mobile BankID
  • "1.2.752.71.1.3" - Nordea e-id on file and on smart card.
  • ​“1.2.752.60.1.6” - Test BankID for some BankID Banks​

Test users

See here for more information on how to get a BankID test user.

Information about the end user



Requires scope=cert

​CThe end user's country.
​End user certificate


Requires scope=cert

CERTIFICATE​The end user's certificate.
​Certificate policy OID


Requires scope=cert

CERTPOLICYOID​The certificate policy OID from the end user certificate.
​Common name


Requires scope=cert

​CN​The common name from the end user's certificate.
Distinguished ​name


Requires scope=cert

DN​​The distinguished name from the end user's certificate.
​Family name


Requires scope=profile

SURNAMEEnd user's family name. ​
​Given name


Requires scope=profile

GIVENNAMEEnd user's first name(s).
​Level of Assurance
Accepts acr_values as urn:eident:acrp:level:substantial or urn:eident:acrp:level:low
Always returns- urn:eident:cert:eidas:substantial​
​Swedish SSN

​se_ssn / ssn

Requires scope=ssn


​The end user's social security number. For the OIDC protocol, this is returned in both the se_ssn and ssn claim.  

​Handling of SSN

​A user's SSN is a part of the end user certificate and always available from a BankID login. The SSN is the same as the SERIALNUMBER part of the dn claim in the ID Token (OIDC) or the DN attribute in the assertion (SAML). An example of this:

CN=Olav Widen, OID. 13.09) Olav Widen - BankID på fil, SERIALNUMBER=195310021935, GIVENNAME=Olav, SURNAME=Widen, O=Testbank A AB (publ), C=SE 

​User experience

BankID client

Step 1 (autostart, presetid/login_hint identification request parameters not set). The picture is an illustration of the UI in standalone and pop-up UI.:​

BankID SE - device selection_updated.PNG 

Note: The above screen was recently updated. Previously, when using another device for identification, the user had to enter their national identity number. With the introduction of QR code scanning, this is not longer necessary.

Step 2 (if selecting Mobile BankID):

BankID SE - QR code.PNG

​Step 2 (if autostart is set or by clicking "BankID on this computer" in step 1). The display name from the "Förlitande certifikat" is "Test av BankID" in this example:

BankID SE - step2_uten.png

Step 3 (on mobile phone app):

BankID SE - mobile.jpg

Control the start of BankID app

BankID is available using two different versions of the BankID app; one for computers and one for mobile. To control the user interface presented to the end user, the autostart, presetid/login_hint and forcepkivendor/amr_values ​identification request parameters can be used.



​false (default)​null (default)​se_bankid (default)
​The user will be presented with a choice of using BankID on this computer or Mobile BankID for both identification and signing. See BankID’s demo implementation of this page:
​false​<SSN of user>​se_bankid
​This indicates that the end user wants to start the client on another device. The end user will be presented a message; “Launch your BankID Security App". 
​A link will be shown to open the BankID app
​true​<SSN of user>​se_bankid

​A link will be shown to open the BankID app on same device and it will be limited to the certificate with the given SSN.​​ ​ 
​Desktop users- The user will be redirected to page which will show a QR code to scan.
Mobile users- The user will be presented with a choice of using Mobile BankID on this device or Mobile BankID on another device.

BankID logo

If needed, the BankID logo can be downloaded from and

Transaction text

A transaction text may be connected to the BankID transaction through either the regular OIDC identification flow or the OIDC CIBA flow. For the OIDC identification flow, the transactiontext parameter may be appended to the identification request. For the CIBA flow, the binding message must be used.

This feature will invoke the BankID signing flow. 

​​Known issues

It is not always possible to detect if the BankID app is installed on the device used for identification when using a mobile device. When the BankID app is closing, E-Ident tries to redirect the user back to the browser. However, it is not guaranteed that the user is redirected back to the same browser as the one that started the session. The customer implementation must support that the user is redirected back in a new web browser, eg cookies cannot be used. ​​