Enable Smart-ID in your services
Smart-ID is available in Estonia, Latvia and Lithuania using the Smart-ID app. To get you started with Smart-ID identification through E-Ident, contact support to enable Smart-ID on your current test configuration or to set up a new test configuration.
A description on how to get a Smart-ID test account is found on the
test user page.
More information about Smart-ID:
Information about the end user
DOB||End user's birth date. |
|C||The country from end user's certificate.|
|End user certificate|
|CERTIFICATE||End user's Smart-ID certificate. |
|CERTPOLICYOID||The certicate policy from end user's certificate|
CN||The common name from end user's certificate. |
|DN||Distinguished name from end user's certificate. |
SURNAME||End user's surname.|
GIVENNAME||End user's first/given name. |
FULLNAME||End user's full name. |
|The level of the end user's certificate. This is either QUALIFIED or ADVANCED. Note: Qualified is available in all environments, advanced is only available in test for test accounts. |
Requires returnssn=true parameter
|See description below. |
|Smart-ID interaction flow||smartid_interaction_flow_used|
|See the description below.|
smartid_pid / pid
SMARTID_PID||Unique identifier of user in the E-Ident service.|
|Social security number||ssn|
Requires returnssn=true parameter
|End user's social security number|
The Smart-ID document number is a unique ID consisting of the user's identity type, country code, social security number, random code to identify device and non-qualified or qualified. Here is an example of a document number:
- PNO: Identity Type (Personal Number, is the only type supported for now)
- EE: Country code (Other values supported are LT, LV)
- 30303039903: SSN (SSN can also contain "-" in between for Latvian country SSN)
- 8LND: random code to identify device
NQ / Q : To identify the type of account/certificate (NQ -> Non-qualified (Advanced) and Q-> Qualified)
Handling of SSN
The social security number (SSN) of an end user will be returned if the SSN scope is set (OIDC) or the returnssn parameter is set to true. The SSN is returned as the ssn claim/attribute and the ssn issuing country is returned in the ssn_issuing_country claim/attribute.
Note: The SSN is also indirectly returned if you request the scope=cert as the ssn can be deducted from the result.
The user experience is a combination between input in a browser and on a personal app. The app "Smart-ID" app includes the user's electronic ID. Below are the screen shots from the browser only.
Step 1 (enter country and id code):
Step 2 (waiting for input from mobile app):
User interaction flow
Smart-ID offers different ways to display text, verification code and PIN entering screen to the user. This is controlled by the
smartid_allowedInteractionsOrderType parameter on the identification request. The different values are listed in the interactions column below. The interactions can be used in combination with the given display text parameter.
|displayTextAndPIN||smartid_displayText60||The simplest interaction with max 60 chars of text and PIN entry on a single screen.|
|verificationCodeChoice||smartid_displayText60||First screen is for code choice and second screen is with max 60 chars text and PIN like displayTextAndPIN is.|
|confirmationMessage||smartid_displayText200||First screen is for text only (max 200 chars) and has Confirm and Cancel buttons. Second screen is for PIN.|
|confirmationMessageAnd-VerificationCodeChoice||smartid_displayText200||First screen combines text and Verification Code choice. Second screen is for PIN.|
The smartid_allowedInteractionsOrderType also allows a comma separated list of two or more interactions., and if comma separated, there should be no space before or after comma. The interaction used is up to the Smart-ID app. If a list is provided, make sure to add the appropriate display text parameters.
Note: If no smartid_allowedInteractionsOrderType is given in the request, then displayTextAndPIN is sent as default along with the default smartid_displayText60 "Please authenticate this transaction.", to Smart-ID endpoint.
The used interaction value is returned as a ID Token claim (OIDC) or attribute (SAML) name
If needed, the Smart-ID logo can be downloaded from Smart-ID Branding page: https://www.smart-id.com/e-service-providers/smart-id-branding/