Skip to main content

Quick start guide

Learn how to identify your users in just a few steps. You can integrate with Signicat in three ways; by using OpenID Connect (OIDC) or SAML 2.0 or via Signicat's Authentication REST API.

Initial preparations

The guides below assume you've completed the initial setup steps:

  1. Sign up to the Signicat Dashboard.
  2. In the Signicat Dashboard, set up an organisation and an account. Additionally, to use the eID Hub product you need to set up a domain.
Our recommendation

We advise you to create a sandbox account to test our solutions before implementing them in a production account.

Try it out

Add an ID method

  1. In the Signicat Dashboard, go to eID Hub > ID Methods.
  2. To enable the ID method, click Add new in the top right.
  3. Choose the ID method from the list, for example Norwegian BankID. Then, click Save.
  4. Now you can see the ID method listed and enabled with status "Active" in the ID methods list.
Production account

In a production account, you may need to obtain additional certificates or comply with data protection regulations to retrieve specific data attributes. You can learn more about the requirements for your desired method on the ID methods page.

Choose a protocol

Before you can start integrating, you'll need to know which authentication protocol to use. Signicat's identity hub supports three main protocols. Depending on your case, you may want to pick one of:

Picking a protocol

Choice of protocol depends on what you prefer, what your application supports and what you want to achieve.

OIDC and SAML are official identity protocols, while the Authentication REST API is a solution developed and maintained by Signicat.

The Signicat Authentication REST API gives you a lot of flexibility and supports headless and redirect integration flow(s) (grant type).

If you want to use an official identity protocol, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is industry standard and you do not need to manage user sessions on your own (like with the Authentication REST API).

To understand the basics of how to use either of these protocols continue to the Set up a protocol section below.

Set up a protocol

This guide explains how to set up authentication with OIDC. This guide is generic and agnostic of any programming langauge. If you would like a more detailed guide, refer to the Code examples for OIDC, which has language-specific guides.

To make your application work with OIDC, you first need to obtain:

  • An OIDC client ID
  • An OIDC client secret (optional, but recommended)
  • Either an issuer URL or a discovery URL (depending on your implementation)

The next steps of this guide show how to obtain each one.

1. Obtain the client ID and client secret

  1. In the Dashboard, go to eID Hub > OIDC clients, and click the name of the client you want to use (or create a new one). If you're not sure which scopes to use for your client, select at least openid and profile.
  2. Copy the client ID that is shown on the screen.
  3. Depending on whether you already created the client, select Add secret or navigate to the Secrets tab of your client and select Add secret.
  4. Enter a name for the secret you want to create. Then, click Generate secret.
  5. Copy the secret that is displayed on the screen and save it so you can use it in the code of your application. Then, click Ok.

2. Figure out your discovery URL or issuer URL

Both items are based on the domain you're using. Which one you will need depends on how you've implemented your product.

  • The discovery URL can be accessed at the following URL: <YOUR SIGNICAT DOMAIN>/auth/open/.well-known/openid-configuration. For example, if your domain is https://verybigcorp.signicat.com, your discovery URL is https://verybigcorp.signicat.com/auth/open/.well-known/openid-configuration.
  • The issuer URL has this structure: <YOUR SIGNICAT DOMAIN>/auth/open/. For example, following the example in the previous bullet point, your issuer URL is https://verybigcorp.signicat.com/auth/open/

3. Prepare your integration

Prepare the code for your integration, using the information obtained in the previous steps.

Test the flow

Run your application locally and test the authentication flow.

You will need a test user to complete the authentication. For example, you can use the following credentials for Norwegian BankID:

National identity numberOne-time passwordPassword
01100844350otpqwer1234
Note

For information on creating test users for a specific ID method, you can find your desired method on the ID methods page, which includes test information.

Next steps