E-Ident provides a single point of integration to several eIDs, using standard authentication protocols to pass information about the end user to the customer. The service is mostly used to let end users log on to a customer’s web site, or to obtain information about a user for purposes other than log on. The returned user information varies between eID providers, and it may include some of the following:
- Date of birth
- Social security number (SSN)
- Serial number or eID specific identifier
The service supports two different authentication protocols, OpenID Connect and SAML 1.1. The general flow is similar for both protocols.
The end user initiates a login at the customer’s site
The customer sets up the communication to E-Ident through the end user’s browser
The end user identifies himself with his selected eID
E-Ident redirects the end user back to the customer, together with either an Authorisation code (OIDC) or an ArtifactID (SAML).
The customer sends a request directly to E-Ident to retrieve the user info. E-Ident returns the ID Token (OIDC) or the Assertion (SAML) containing all information about the user.
For a log on scenario, it can be the SSN or the eID identifier that is used to grant the user the correct privileges in the customer’s services. In other scenarios, it can be the combination of name and SSN that is used to find out more about the end user.
Read more about OIDC.
SAML 1.1 is the alternative authentication protocol supported by E-Ident. The identification request returns a SAML assertion with information about the end user. Log out and single sign-on (SSO) are available using this protocol.
Read more about SAML.
eID providers in E-Ident
E-Ident supports identification with all the major Nordic eIDs. The following are supported:
- BankID (NO)
- BankID on mobile (NO)
- BankID including mobile (SE)
- NemID (DK)
- Tupas (FI)
- Mobiilivarmenne (FI)
The different eID providers behave and interact differently with end users, and they return different user info after an identification.
The E-Ident service is operated and maintained at Nets’ datacentres. The service has high availability. A test environment is always available for customers.