Authentication Vault

The Signicat Authentication Vault allows you to automatically store the data you receive from an end-user authentication with electronic identities (eIDs).

The data you can store includes transaction logs and the personal information of your users. These are stored securely as records in the Signicat Digital Evidence Management (DEM). You can access and manage the records directly in the Signicat Dashboard or through the DEM API.

To start using the Authentication Vault, you first need to configure it in the Signicat Dashboard. You can find more information on this page.

How it works

An authentication flow typically consists of the following steps:

  1. Connect your application to an eID with an authentication protocol.
  2. Direct end-users to the authentication server where they verify themselves.
  3. Route the end-user back to your digital service.
  4. Send backend requests to retrieve the end-user's personal data.
  5. Verify and process the end-user's data for your use case.

Throughout this flow, your application exchanges a series of requests and responses with the Signicat eID and Wallet Hub. Typically, the data is available only temporarily, for the scope of the authentication session, and is forgotten thereafter.

Why use the Authentication Vault

The Authentication Vault allows you to store the data for longer periods of time beyond the scope of an authentication session. It achieves this by storing the response in the Signicat DEM database, so that you can always retrieve it at a later point.

After you activate the Authentication Vault, all your authentication transactions are automatically stored in the DEM database. The data is saved in records that you can view in the Signicat Dashboard and retrieve with the DEM API.

Available settings

The Authentication Vault is configurable and allows you to control the following settings:

  • Obfuscating the national identity number.
  • Limiting storage to specific eIDs.
  • Defining retention periods for records in the DEM database.

Supported authentication protocols

The Authentication Vault can help you store records obtained from connections with the following protocols:

  • OpenID Connect (OIDC)
  • Authentication REST API (only redirect flow)

Note that no data is stored for transactions with SAML 2.0.

Get started

To start using the Authentication Vault, you first need to set it up in the Signicat Dashboard.

To learn how to set it up, try it out and manage the records, make a selection using the buttons below: