​​​Verimi is a European digital identity and data platform that allows users to aggregate, save and reuse verified digital identities from various regulates sectors such as e-government, financial sector, insurance sector and telecommunication.

Enable Verimi in your services

​Verimi is a European digital identity and data platform that allows users to aggregate, save and reuse verified digital identities from various regulates sectors such as e-government, financial sector, insurance sector and telecommunication. Verimi is built with security and privacy as the key features giving end-users the full control over their personal data and how it is shared with 3rd parties.

Users can transfer their identity data from existing accounts such as bank account or telecom. Alternatively, this information is captured during the onboarding process on Verimi’s connected partners. Once registered, Verimi allows users to instantly access stored credentials and reuse them making their identification process simpler.

Verimi is currently offering support for Germany.

To enable Verimi eID through the E-Ident service, please contact our support or your sales representative.

For more information about Verimi:

Information about the end user

The information returned about the end user is listed in this table:

​​The end user's address. See section "address" for more detail.
​Authentication Method

See section below for possible values.​
​Birth date


Require scope=profile 

DOB​End user's birth date.
​Distinguised namednDN​The distinguished name from the end user's certificate. Example: "CN=Test User"
​E-mail address


Require scope=email

EMAILADDRESS​The end user's e-mail address.
Verified e-mail address​


Require scope=email

EMAIL_VERIFIED​This claim tells if the e-mail address has been verified or not.
​Family name


Requires scope=profile

SURNAMEEnd user's surname.​
​Given name


Require scope=profile

GIVENNAMEEnd user's first/given name.

​Full name


Require scope=profile

FULLNAME​End user's full name.
​Level of Assurance
Accepts acr_values as urn:eident:acrp:level:substantial or urn:eident:acrp:level:low
Always returns- 
​Phone number


Require scope=phone

PHONE_NUMBER​The end user's phone number.
​Verified phone number


 Require scope=phone

PHONE_NUMBER_VERIFIED​This claim tells if the phone number has been verified or not.
​Document Number
​The end user’s document number
​Document Type
The end user’s document type​
​Date of Expiry
The expiry date of the document held by the end user​
​Place of Birth
The end user’s place of birth​
CITIZENSHIP​The end user’s citizenship
​Issue Date
The end user’s document issue date​
Issuing Authority​​​
​The end user’s document issuing authority
​Verification Method
The verification method used by the end user while proving their identity with Verimi​
Verification Date​​
​The date when the end user verified/proved their identity ​with Verimi


If SAML returnaddress=true or OIDC scope contains address and ssn then return complete address in response. 
Example 1:
"address" : "{\"formatted\":\"Tempelhofer Ufer 10, 10963 Berlin, Germany\",\"street_address\":\"Tempelhofer Ufer 10\",\"locality\":\"Berlin\",\"region\":\"\",\"postal_code\":\"10963\",\"country\":\"Germany\"}"

If OIDC scope contains address but not ssn then return minimal address.
Example 2: 
"address" : "{\"region\":\"\",\"country\":\"Germany\"}"

If SAML returnaddress=false or not provided, then do not return the address in response.​

​Possible AMR values

The authentication method for a specific identification may be set using the amr_values parameter. The actual used authentication method will be returned in the amr claim/attribute. If the amr_values parameter is not defined, the authentication method will be the default value.

Please note, amr_values in request can contain both forcepkivendor and authentication method in format- “forcepkivendor:amr_values".

Verimi in E-Ident provides support for below AMR values

  • verimi
  • verimi;loa.dipp.default
  • verimi;loa.dipp.2fa
  • verimi;loa.dipp.default,loa.dipp.2fa
  • verimi:idcard - default, if not provided.

with request parameter containing amr_values = “verimi", user needs to be authenticated with e-mail:password credentials along with 2FA (two factor authentication) if configured in verimi profile or insisted with amr_values=loa.dipp.2fa.              

with request parameter containing amr_values = “verimi:idcard" , user needs to be authenticated with e-mail:password credentials and also required to verify identity through one of the modes from Bank Ident, Video Ident, eID ident along with 2FA.

Please be noted that it asks only once to configure verified identity in Verimi profile with passport or idcard if not configured already.​

Possible AMR values in id-token could be one of the below.

  • ["email"]
  • ["email", "loa.dipp.default"]
  • ["email", "loa.dipp.2fa"]
  • ["idcard"]​

User experience (Verimi ID Card Flow)

Step 1: For existing user, it shows login page as below.


Step 2: If the user is logging in for the first time, below are the steps

a. On click of the Login/Sign button, it redirects the user to the Verimi page.

b. If the user already has a Verimi account, he or she can proceed with "Log in". if not, then the user can create a new account. ​

It is recommended to create a Verimi account prior to the identification/signing as there are a few steps like mobile app download, profile setting with mobile number, setting up two-factor authentication (2FA), and id-card or passport registration.​


Step 3:  As the Identification/Signing transaction is vital so user must have a verified identity registered with Verimi. It required that the user has configured an id card or passport in the Verimi profile. User also has the option to configure an id card or passport during the transaction.


Step 4: User has the below-mentioned options to configure the id card and can proceed.


Step 5: For testing purposes, users can proceed with Video-Ident.


Step 6: It asks for user detail to be filled in with a real phone number.


Step 7: Once filled, the user will be redirected to the video call page.

For a real case scenario, the Verimi agent will call you and ask you to show your id card or passport. The agent will ask you for your personal details. User will receive one SMS code which needs to be entered on the screen. On verification complete, the user's id card is registered in the Verimi profile.

For the testing scenario, the sample TAN number is 123456 for success and 654321 for the failure case.


Step 8: User can verify the passport or ID card configured in the Verimi profile.


Step 9: After successful configuration, the process will be marked completed

User experience (Verimi Flow)​

Step 1: login with email address & password

MicrosoftTeams-image (5).png

Step 2: User can choose what information shall be shared as part of identification.

MicrosoftTeams-image (4).png

Step 3: Depending on whether the user has configured for 2 Factor authentication, this step shall be completed on the mobile device to confirm the transaction, ​if required.

Preset e-mail address

The e-mail address added in Step 1 as shown here can be preset by appending the presetid/login_hint parameter to the identification request, only for requests containing amr_values as “verimi". 

Presetid/login_hint is not supported for Verimi IDCard flow.

Read more about presetid and login_hint for OIDC and SAML​