BankID (SE)

Used by almost 8 million Swedes, BankID has become a household brand and a highly trusted digital identification and signing service for Swedish citizens. Almost 7 million have a mobile BankID, and this eID was used in 96 % of logins and signings. It is also available as BankID on file and BankID on card.

Enable BankID in your services

To enable BankID login through E-Ident, a merchant certificate ("förlitande certifikat") is required for the communication between E-Ident (on your behalf) and BankID. Nets is a reseller of BankID and will help establish this certificate.

More information about BankID:

Merchant certificate ("Förlitande certifikat")

BankID agreement through Nets as reseller

To establish the "Förlitande certifikat", Nets needs the following information:

    • Your organisation name
    • Certificate display name (this is visible in the BankID security application during the end user's login)
    • VAT number

Nets will handle the communication with a bank issuing the certificate.

BankID agreement directly with an issuing bank

It is also possible to have a BankID agreement directly with a bank issuing BankID. You will need to enter into an agreement with the bank. To establish the "Förlitande certifikat", these steps must be completed:

  1. Provide Nets with information about your organisation name, VAT number, certificate display name (visible during end user login) and the bank name.
  2. Nets will generate a certificate request based on this information and send it to you.
  3. You need to forward this certificate request to your bank. Do not make your own certificate request.
  4. The bank will issue the certificate based on the certificate request. Please forward this to Nets.
  5. Nets will install and set up your configuration with BankID.

Test "Förlitande certifikat"

Nets has a default test certificate that all customers can use. This will be set up during configuration, and you do not need to do anything.

BankIDs for end users

BankID for end users is available as BankID on file, BankID on card or mobile BankID. The client used can be deduced from the CERTPOLICYOID attribute in the SAML assertion or from the certpolicyoid claim in the OIDC ID Token.

These are the possible values (from BankID's own documentation):

The values for production BankIDs are:

    • "1.2.752.78.1.1" - BankID on file
    • "1.2.752.78.1.2" - BankID on smart card
    • "1.2.752.78.1.5" - Mobile BankID
    • "1.2.752.71.1.3" - Nordea e-id on file and on smart card.

The values for test BankIDs are:

    • "1.2.3.4.5" - BankID on file
    • "1.2.3.4.10" - BankID on smart card
    • "1.2.3.4.25" - Mobile BankID
    • "1.2.752.71.1.3" - Nordea e-id on file and on smart card.
    • "1.2.752.60.1.6" - Test BankID for some BankID Banks

Test users

See here for more information on how to get a BankID test user.

Handling of SSN

A user's SSN is part of the end user certificate and is always available from a BankID login. The SSN is the same as the SERIALNUMBER part of the dn claim in the ID Token (OIDC) or the DN attribute in the assertion (SAML). An example of this:

CN=Olav Widen, OID.2.5.4.41=(180427 13.09) Olav Widen - BankID på fil, SERIALNUMBER=195310021935, GIVENNAME=Olav, SURNAME=Widen, O=Testbank A AB (publ), C=SE 
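
An added example (not Nets' or BankID's code) covering both the certpolicyoid values listed above and the SERIALNUMBER extraction: it parses the DN component by component rather than pattern-matching the whole string, and accepts test-only policy OIDs only when explicitly allowed. The function names, the backslash-escape handling and the Luhn check on the 12-digit SSN are assumptions, not part of the E-Ident documentation.

```python
import re

# Policy OIDs from the lists on this page.
PRODUCTION_OIDS = {"1.2.752.78.1.1", "1.2.752.78.1.2", "1.2.752.78.1.5"}
TEST_OIDS = {"1.2.3.4.5", "1.2.3.4.10", "1.2.3.4.25", "1.2.752.60.1.6"}
# Nordea e-id appears in both lists, so this OID alone does not separate test from production.
LISTED_IN_BOTH = {"1.2.752.71.1.3"}

def policy_accepted(oid, allow_test=False):
    """Accept production OIDs; accept test-only OIDs only when explicitly allowed."""
    if oid in PRODUCTION_OIDS or oid in LISTED_IN_BOTH:
        return True
    return allow_test and oid in TEST_OIDS

def parse_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, keeping escaped commas inside values."""
    parts, buf, chars = [], [], iter(dn)
    for ch in chars:
        if ch == "\\":  # assumption: a backslash escapes the next character
            buf.append(next(chars, ""))
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = [p.strip().partition("=") for p in parts]
    if any(sep != "=" for _, sep, _ in pairs):
        raise ValueError("malformed DN component")
    return [(name.strip().upper(), value.strip()) for name, _, value in pairs]

def luhn_ok(digits):
    """Luhn check over the last 10 digits (assumed Swedish personal identity number)."""
    doubled = [int(c) * (2 - i % 2) for i, c in enumerate(digits)]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def ssn_from_dn(dn):
    """Return the SSN from exactly one well-formed SERIALNUMBER component, else raise."""
    values = [v for n, v in parse_dn(dn) if n == "SERIALNUMBER"]
    ok = len(values) == 1 and re.fullmatch(r"[0-9]{12}", values[0]) and luhn_ok(values[0][2:])
    if not ok:
        raise ValueError("no single valid 12-digit SERIALNUMBER in DN")
    return values[0]

# The DN from the example above.
SAMPLE_DN = ("CN=Olav Widen, OID.2.5.4.41=(180427 13.09) Olav Widen - BankID på fil, "
             "SERIALNUMBER=195310021935, GIVENNAME=Olav, SURNAME=Widen, "
             "O=Testbank A AB (publ), C=SE")
```

In production, call policy_accepted with allow_test left at its default so that a login made with a test BankID is rejected before the SSN is used.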

User experience

BankID client

Step 1 (autostart and presetid identification request parameters not set):

[Image: BankID SE - step 1_med.png]

Step 2 (if autostart is set or the user clicks "BankID on this device" in step 1). The display name from the "Förlitande certifikat" is "Test av BankID" in this example:

[Image: BankID SE - step2_uten.png]

Control the start of BankID app

BankID is available using two different versions of the BankID app; one for computers and one for mobile. To control the user interface presented to the end user, the autostart and presetid identification request parameters can be used.

| autostart | presetid | Behaviour |
|---|---|---|
| false (default) | null (default) | The user will be presented with a choice of using this device or another device (if another device is selected the end user must provide the SSN) for both identification and signing. See BankID’s demo implementation of this page: https://demo.bankid.com/nyademobanken/Logon.aspx |
| false | <SSN of user> | This indicates that the end user wants to start the client on another device. The end user will be presented a message: "Launch your BankID Security App". |
| true | null | The client will be auto started on the current device. |
| true | <SSN of user> | The client will be auto started on current device and it will be limited to the certificate with the given SSN. |

Note: There is a problem with the use of autostart in the Chrome browser. This is a security feature in Chrome. A user gesture (e.g. click on a button) is required to take over the whole window, like we do when opening the BankID app. A workaround is to add this attribute on the iframe:
sandbox="allow-top-navigation allow-scripts"

CSS file adjustment

The BankID "step 1" page can be styled by overriding the Nets default style.

Read more about CSS styling and download E-Ident default style here. 

Known issues

It is not always possible to detect if the BankID app is installed on the device used for identification when using a mobile device. When the BankID app is closing, E-Ident tries to redirect the user back to the browser. However, it is not guaranteed that the user is redirected back to the same browser as the one that started the session. The customer implementation must support the user being redirected back in a new web browser, e.g. cookies cannot be used.