E-Ident

Get started
Step 1
Step 2
Step 3
Overview
OpenID Connect
SAML
Service access
Operational information
User experience
eIDs
Test users
BankID (NO)
BankID (SE)
BankID on mobile (NO)
Buypass (NO)
Finnish Bank ID
Finnish Trust Network
MitID (DK)
Mobiilivarmenne (FI)
Mobile-ID
Nets ID Verifier
Smart-ID
Verimi
Error codes
Release notes
Contact us

Smart-ID

​Smart-ID is available in Estonia, Latvia and Lithuania using the Smart-ID app.  

Enable Smart-ID in your services

Smart-ID is available in Estonia, Latvia and Lithuania using the Smart-ID app. To get you started with Smart-ID identification through E-Ident, contact support to enable Smart-ID on your current test configuration or to set up a new test configuration. 

A description on how to get a Smart-ID test account is found on the test user page

More information about Smart-ID:

Information about the end user

​Type​OIDC​SAML​Comments
​Birth date

​birthdate

Requires scope=profile

 ​DOB​End user's birth date.
​Country 
 ​c
Requires scope=cert
C
The country from end user's certificate.
​End user certificate

certificate

Requires scope=cert

CERTIFICATE​End user's Smart-ID certificate. 
​Certificate policy
certpolicyoid
Requires scope=cert
CERTPOLICYOID
​The certicate policy from end user's certificate
​Common name
 ​cn
Requires scope=cert
 ​CN
​The common name from end user's certificate. 
​Distinguished name

dn

Requires scope=cert

DN​Distinguished name from end user's certificate. 
Family name

family_name

Requires scope=profile

 ​SURNAME​End user's surname.
​Given name

​given_name

Requires scope=profile

 ​GIVENNAME​End user's first/given name.
​Full name

​name

Requires scope=profile

 ​FULLNAME​End user's full name.
​Certificate level
smartid_certificate_level
Requires scope=cert
SMARTID_CERTIFI-
CATE_LEVEL
The level of the end user's certificate. This is either QUALIFIED or ADVANCED. Note: Qualified is available in all environments, advanced is only available in test for test accounts. 
​Document number
smartid_document_number
Requires scope=ssn

SMARTID_DOCU-
MENT_NUMBER
Requires returnssn=true parameter

​See description below. 
​Smart-ID interaction flow
smartid_interaction_flow_used
Requires scope=openid
SMARTID_INTER-
ACTION_FLOW_USED
See the description below.
​Identifier

​smartid_pid / pid
Requires scope=openid

 SMARTID_PID
​Unique identifier of user in the E-Ident service.
​Social security number
ssn
Requires scope=ssn
SSN
Requires returnssn=true parameter
​End user's social security number
SSN issuing country
 ​ssn_issuing_country
Requires scope=ssn

SSN_ISSU-
ING_COUNTRY
Requires returnssn=true parameter

​The user's country. 

The Smart-ID document number is a unique ID consisting of the user's identity type, country code, social security number, random code to identify device and non-qualified or qualified. Here is an example of a document number: 

PNOEE-30303039903-8LND-NQ
  • PNO: Identity Type (Personal Number, is the only type supported for now)
  • EE: Country code (Other values supported are LT, LV)
  • 30303039903: SSN (SSN can also contain "-" in between for Latvian country SSN)
  • 8LND: random code to identify device
  • NQ / Q : To identify the type of account/certificate (NQ -> Non-qualified (Advanced) and Q-> Qualified)

Handling of SSN

The social security number (SSN) of an end user will be returned if the SSN scope is set (OIDC) or the returnssn parameter is set to true. The SSN is returned as the ssn claim/attribute and the ssn issuing country is returned in the ssn_issuing_country claim/attribute.

Note: The SSN is also indirectly returned if you request the scope=cert as the ssn can be deducted from the result. 

User experience

The user experience is a combination between input in a browser and on a personal app. The app "Smart-ID" app includes the user's electronic ID. Below are the screen shots from the browser only. 

Step 1 (enter country and id code):

Step 1a.PNG

Step 2 (waiting for input from mobile app): 

Step 2.PNG

User interaction flow

Smart-ID offers different ways to display text, verification code and PIN entering screen to the user. This is controlled by the smartid_allowedInteractionsOrderType parameter on the identification request. The different values are listed in the interactions column below. The interactions can be used in combination with the given display text parameter.

Interactions
​Display text parameter
​Comments
​displayTextAndPIN
​smartid_displayText60
​The simplest interaction with max 60 chars of text and PIN entry on a single screen.
​verificationCodeChoice
​smartid_displayText60
​First screen is for code choice and second screen is with max 60 chars text and PIN like displayTextAndPIN is.
​confirmationMessage
​smartid_displayText200
​First screen is for text only (max 200 chars) and has Confirm and Cancel buttons. Second screen is for PIN.
​confirmationMessageAnd-VerificationCodeChoice
​smartid_displayText200
​First screen combines text and Verification Code choice. Second screen is for PIN.

The smartid_allowedInteractionsOrderType also allows a comma separated list of two or more interactions., and if comma separated, there should be no space before or after comma. The interaction used is up to the Smart-ID app. If a list is provided, make sure to add the appropriate display text parameters. 

Note: If no smartid_allowedInteractionsOrderType is given in the request, then displayTextAndPIN is sent as default along with the default smartid_displayText60 "Please authenticate this transaction.", to Smart-ID endpoint.

The used interaction value is returned as a ID Token claim (OIDC) or attribute (SAML) name smartid_interaction_flow_used.

Smart-ID logo

If needed, the Smart-ID logo can be downloaded from Smart-ID Branding page: https://www.smart-id.com/e-service-providers/smart-id-branding/