Learn more about itsme in the Knowledgebase.
# Getting Started
You can add itsme as an authentication provider from the federation dashboard in the Identity Broker.
Once itsme is selected, you will be presented with a configuration choice. Here you choose whether to create a live or test connection.
# itsme settings
- Registering a client: You will be provided a link to the itsme "create your account" page.
- "Include only when scoped" checkbox: The broker provides scoped IdP functionality.
- Response URL: A URL that identifies the address at which the authentication provider would like to receive responses.
- JWK set URLs: Already set; endpoint for RSA keys.
- Client ID: A unique identifier for the client.
- Service code for authentication: This will be provided by Technical Support during the onboarding.
- Service code for identification: This will be provided by Technical Support during the onboarding.
- Select a scope: Select one of the following scopes; profile, email, address, phone.
- Select attribute filter: Select an attribute filter (see __ Attribute Filters).
- Response attribute mappings: The user can choose to customise the name of the attributes received in the response body. You can provide none or multiple name-to-name mappings.
Tip: See Broker Features for more information.
# Available attributes
The itsme identity proofing method can be used to identify users, which is most applicable for account creation / onboarding use cases. The following attributes can be derived from an itsme identity proofing flow. Please note that other itsme methods will return a limited data set. The list below illustrates the available attributes within the itsme scheme.
The following attributes can be obtained from the itsme identity proofing method:
- Family name
- Given name(s)
- Phone number
- Email address*
- Postal code*
In addition to the attributes above, it's possible to request additional data from the user through itsme. Signicat needs a justification per attribute before enabling these additional data attributes on the service. This will be agreed on during the onboarding process.
- Place of birth
- eID number (the eID card serial number)
- National identification number
- Issuance locality*
- Validity of the eID card*
- eID picture* (portrait picture of the card holder)
The itsme authentication method only returns a unique ID for that specific user that can be linked to a previous itsme identity proofing, which also contains this unique ID.
*itsme does not guarantee the availability of these attributes for all users
# Integration with itsme through Signicat
This section provides technical details how customers can use each of the four itsme methods on the Signicat platform. Signicat offers an OIDC identity hub, which requires customers to start transactions through an authentication URL. For further information about the authentication URL, see the Authentication API.
# Trial information
If you would like to, you can request a free trial (opens new window) of the Signicat Identity Broker.