Overview

E-Ident is a service that supports identification based on electronic ID through a common interface. The service builds on functionality delivered by eID providers as well as functionality developed by Nets. E-Ident supports all the major Nordic eID schemes.

E-Ident provides a single point of integration to several eIDs, using standard authentication protocols to pass information about the end user to the customer. The service is mostly used to let end users log on to a customer’s web site, or to obtain information about a user for purposes other than logon. The returned user information varies between eID providers, and it may include some of the following:

  • Name
  • Date of birth
  • Social security number (SSN)
  • Serial number or eID specific identifier

The service supports two different authentication protocols, OpenID Connect and SAML 1.1. The general flow is similar for both protocols.

  1. The end user initiates a login at the customer’s site
  2. The customer sets up the communication to E-Ident through the end user’s browser
  3. The end user identifies himself with his selected eID
  4. E-Ident redirects the end user back to the customer, together with either an Authorisation code (OIDC) or an ArtifactID (SAML).
  5. The customer sends a request directly to E-Ident to retrieve the user info. E-Ident returns the ID Token (OIDC) or the Assertion (SAML) containing all information about the user.

In a logon scenario, the SSN or the eID identifier can be used to give the user the right privileges in the customer’s services. In other scenarios, the combination of name and SSN can be used to find out more about the end user.

Authentication protocol

OpenID Connect

The OpenID Connect (OIDC) protocol is a standard authentication protocol based on OAuth 2.0. E-Ident’s implementation of OIDC only supports the authorization code flow. The protocol is simple and supports all types of clients, such as web-based, mobile and JavaScript clients. After an authentication, customers receive the user information in the form of a secure JSON Web Token (JWT) known as an ID token.

Read more about OIDC. 
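The customer-side checks for steps 2, 4 and 5 of the flow above, for the OIDC case, as an added example that is not E-Ident or Nets code. The endpoint, issuer, client ID and redirect URI are hypothetical placeholders, `session` stands for the customer's server-side session store, and the ID token's signature is assumed to have been verified already with a JOSE library before `check_id_token_claims` is called.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical placeholders: the page gives no endpoint, issuer or client values.
AUTHORIZE_URL = "https://eident.example/authorize"
ISSUER = "https://eident.example"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://customer.example/callback"

def start_login(session):
    """Step 2: build the browser redirect; keep state and nonce server-side."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code", "scope": "openid",  # authorization code flow
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "state": session["state"], "nonce": session["nonce"],
    })
    return f"{AUTHORIZE_URL}?{query}"

def handle_callback(session, callback_url):
    """Step 4: accept the code only if state matches this browser session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)  # single use, so a replay fails
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def check_id_token_claims(session, claims, now=None):
    """Step 5: claim checks on an ID token whose signature is already verified."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if CLIENT_ID not in audiences:
        raise ValueError("token not issued to this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    expected = session.pop("nonce", None)
    if not expected or not hmac.compare_digest(expected.encode(), str(claims.get("nonce", "")).encode()):
        raise ValueError("nonce mismatch: token not bound to this login")
    return claims["sub"]
```

The authorization code returned by `handle_callback` is exchanged for the ID token over the direct customer-to-E-Ident request in step 5, so the token itself never passes through the browser.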

SAML

SAML 1.1 is the alternative authentication protocol supported by E-Ident. The identification request returns a SAML assertion with information about the end user. Log out and single sign-on (SSO) are available using this protocol.

Read more about SAML.

eID providers in E-Ident

E-Ident supports identification with all the major Nordic eIDs. The following are supported:

  • BankID (NO)
  • BankID on mobile (NO)
  • BankID including mobile (SE)
  • NemID (DK)
  • Tupas (FI)
  • Mobiilivarmenne (FI)

The different eID providers will behave and interact differently with the end users, and they return different user info after an identification.

Service availability

The E-Ident service is operated and maintained at Nets’ datacentres. The service has high availability. A customer test environment is always available for the customers.