BankID on mobile (NO)

​Used by around 4 million Norwegians, BankID has become a household brand and a highly trusted digital identification service for Norwegian citizens.​​

Enable BankI​​D on ​mobile in your services

​To get you started with BankID on mobile identification through E-Ident, Nets will need a merchant certificate and some configuration setting information from you. The configuration settings are supplied in the setup dialogue with support. 
More information about BankID:

​Merchant certificate

​​​​​Nets through the Signing and Identification Services are resellers of BankID merchant certificates, and this can be ordered either separately or together with E-Ident and/or E-Signing. When ordering a merchant certificate through Nets, you will receive an information letter asking you to complete a form with information needed to create a BankID “brukerstedsavtale” with BankID Norge. ​Note: In this form you need to ​specify if you are allowed to handle SSN. 

The form shall be returned to our support and based on the form Nets will register this order at BankID. After the registration you will be asked to confirm and sign the order. When the order is signed with BankID Norge, it will be sent to your bank for processing. Your bank may use up to 10 business days for processing the order. Nets will  then recei​ve activation information for your BankID merchant certificate from your bank. The merchant certificate will be activated and connected to your configuration.​

In cases where you use another reseller, the BankID activation link and code must be sent to Nets without activating it. Contact Nets support to get contact details of recei​​​ver of the link and code. 

Test merchant certificate

Nets will set you up with a common test merchant certificate if nothing else have been agreed. ​

Test users

See here for more information on how to get a BankID on mobile test user.

Information about the end user

​Birth date


Requires scope=profile

DOB​End user's date of birth.
​End user certificate


Requires scope=cert

CERTIFICATE​The end user's certificate.
​Certificate policy OID


Requires scope=cert

CERTPOLICYOID​The certificate policy OID from the end user certificate.
​Common name


Requires scope=cert

​CN​The common name from the end user's certificate. Example: "Usår, Tæst"
Distinguished name


Requires scope=cert

DN​​The distinguished name from the end user's certificate. Example: "CN=Usår\\, Tæst,O=TestBank1 AS,C=NO,SERIALNUMBER=xxxx-xxxx-x-xxxxxx"
​Family name


Requires scope=profile

SURNAMEEnd user's family name. ​Deducted from the first part of the CN field of the BankID end user certificate.
​Given namee


Requires scope=profile

GIVENNAMEEnd user's first name(s). ​​Deducted from the last part of the CN field of the BankID end user certificate.
​Level of Assurance
Accepts acr_values as urn:eident:acrp:level:high 
Always returns- 
Personal identifier

​no_bid_pid / pid

Requires scope=openid

​NO_BID_PID​​Norwegian BankID personal identifier. For the OIDC protocol, this is returned in both the no_bid_pid and pid claim.
​Norwegian SSN

​no_ssn / ssn

Requires scope=ssn


​The end user's social security number (no: fødselsnummer). For the OIDC protocol, this is returned in both the no_ssn and ssn claim.  
​Phone number


Requires scope=phone

​NO_CEL8​End user's Norwegian phone number.
​E-mail address
Require scope=email
​Not Applicable
​The end user's e-mail address

​Phone number
​phone number
Require scope=phone
​Not Applicable
​The end user's phone number
Require scope=address
​Not Applicable
​The end user's address

Handling of SSN

​​All companies that are allowed to handle social security numbers (SSN) can get this in return after a BankID identification. For customers using the SAML protocol, SSN is returned as default, but this can be turned off by appending returnssn=false to the identification request. For customers using OIDC, SSN will only be returned if scope=ssn is set in the identification request. Read more about the optional eID specific scopes and identification request parameters for OIDC and SAML respectively.

Note: Remember to specify that you want to process SSN when ordering your BankID merchant certificate and giving Nets your E-Ident configuration details.

User experience

BankID on mobile dialogue

Step 1 (enter phone number and date of birth - optional) + step 2:BankIDpåmobil - step 2_uten.png

Step 3 + 4 (on mobile phone):

BankIDpåmobil - step 3_med.png BankIDpåmobil - step 4_med.png

Step 5:  (Click Next): This page will be shown only when scope email, phone, and/or address is requested through Eident. If “Not Now” is selected then show the result without email, phone, and/or address.


Step 6 (Fill the form below): This blank form will come when user details are not found else skip to step 7. If "Cancel" is selected then show the result without email, phone and/or address. 


Step 7 (Click ok or Edit the form again): check/uncheck email, phone and address


Prese​​t mobile number and birthdate

The end user’s mobile phone number and birthdate may be preset at the customer's site prior to calling the E-Ident service. The mobile phone number (celnr8) and birthdate (dob6) can be appended to the identification request to E-Ident. This will replace the first step in the flow above. Read more about the optional eID specific identification request parameters for respectively OIDC and SAML.

Error codes

​BankID on mobile specific error codes can be found in BankID documentation at​​

Transaction text

A transaction text may be connected to the BankID on mobile transaction through the OIDC CIBA flow using a binding message. This feature will invoke the BankID signing flow. See the CIBA flow for more information.