# Intro to eHerkenning Broker
# Introduction
Businesses and other organisations often need to deal with the government, local authorities or other bodies. eHerkenning is the most secure way to access public services online. eHerkenning provides online identification, enabling you to exchange confidential information with other organisations securely. It is the only Dutch eID method that allows you to act on behalf of a company.
Using the eHerkenning Broker, you can connect your online services directly to eHerkenning. Via the eHerkenning Broker, you can determine per service which reliability level of eHerkenning is applicable to the service type.
By using software with its own eHerkenning interface, such as the Signicat eHerkenning broker, you can make a direct connection. A connection can be set up within one working day, and the average lead time is two weeks.
# eIDAS
The eHerkenning network also interfaces with eIDAS, a system that connects various EU countries' national log-in systems. So, for example, German nationals can use their German log-in to access a Dutch service.
# eHerkenning roles
- Service provider (Dienstverlener, DV) - This is the Governmental Body that the end-user wants to login to.
- eHerkenning Broker (eHerkenningsMakelaar) - The Signicat broker connects the service provider to eHerkenning, including all identification providers and authorisation providers.
- Identification provider (AuthenticatieDienst) - They verify who the end-user is using a high level level of assurance.
- Authorisation provider (Machtigingenregister) - This establishes what the end-user is allowed to do per service and for whom; for example, an administrative employee is allowed to request parking permits but not allowed to submit tax returns.
Public and private
eHerkenning specifications are created by the Dutch Government but with the know-how of private technology companies.
Any private party that enters eHerkenning must comply with a strict set of security requirements.
# What is a service?
The public or Governmental Body that the end-user wants to log in to is the service; for example, applying for an energy label, applying for subsidy, submitting taxes, parking permits, eLoket, pension plans, and many more.
# Levels of Assurance (LoA)
eHerkenning supports four Levels of Assurance (LoA):
- EH2 corresponding to eIDAS level Low (Laag): Username, password. This is being phased out. Login means at level EH2 will need to register an additional verification step or upgrade to EH2+, EH3, or EH4 before 1 July 2025.
- EH2+ corresponding to eIDAS level Low (Laag): Username, password and an additional verification (2FA).
- EH3 corresponding to eIDAS level Substantial (Substantieel).
- EH4 corresponding to eIDAS levelHigh (Hoog).
Although the end-user can choose which level of assurance to use when authenticating, you might choose to require a certain LoA.
You, as a service provider, must set the minimum LoA you require during authentication based on security level, risk and type of data exchanged. Read the guidelines for configuring the LoA at Betrouwbaarheidsniveaus digitale dienstverlening (opens new window).
# Using eHerkenning in the Signicat Enterprise Sign API
Signicat supports electronic signing with eHerkenning. You can use this method through our Enterprise Sign API.
If you would like to use the eHerkenning signing method, contact us at support@signicat.com so we can enable the necessary configurations on our side.