Skip to main content


Here you will find a complete overview of all the most important terms used in the Signicat documentation and an explanation of each.


Your organisation can have different types of accounts in Signicat, such as production or sandbox (test) accounts. You can learn more about organisations and accounts in our Initial setup instructions.


Authentication is about recognising a returning user. It is important to have an easy way to allow them to authenticate their identity each time they log in to a website, app or service.


Authorisation is about what an end-user is allowed to do. Whilst authentication will allow an end-user to log in to an account, and thereby prove who they are, authorisation states what the end-user can now do. Examples could be allowing access to the HR system, or being allowed to enter new employees into the HR system.


This is the middle party between the identity provider and the service provider. The broker develops backend services for ID methods, so you do not need to develop this yourselves and can connect with the broker instead. For example, Signicat is a MitID certified broker that acts as an intermediate party between the MitID core system and Danish service providers.


A certificate, or digital certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). For Signicat, certificates are either used to secure connections or as a means of logging in.

Custom domain

The custom domain using your organisation's own domain, for an account. Not all accounts will have this. See also Signicat domain.

Digital identity

A digital identity is a person's identity in the digital space, meaning the sum of all digital information that can be linked to the person. Digital identity may also be used in a more narrow sense, e.g. for the person's official identity attributes from an identity document or from an ID method.

eID method

See ID method.


eIDAS is a 2014 regulation of the European Parliament and Council on electronic identification and trust services for electronic transactions in EU/EEA. In the Netherlands, eIDAS is provided via the eHerkenning network.

Electronic identification

The process of using personal identification data in electronic form which uniquely represents either a natural or legal person, or a natural person representing a legal person.

Electronic signature

This is data in electronic form, which is attached to or logically associated with other data in electronic form, that is used by the signatory to sign.


In Signicat terms, the end-user is the person who ultimately uses a product. For example, in B2C signing, the end-user is not the company using the Sign solution to get their documents signed, but rather the private person who signs the document.

ID method

This is an individual electronic identity method used for authentication or signing, for example BankID or Buypass in Norway, BankID in Sweden, iDIN in the Netherlands etc. An ID method is a means for a person to provide certain identity attributes, such as name, national identification number, date of birth, and so on. These attributes are stored within the ID method.

Identity method

See ID method.

Identity verification

Identity verification is the act of determining the identity of an individual or organisation. This is something the individual or organisation will do themselves. It can be done, for example, by using an ID method (which will have already been verified), or by scanning an identity document in conjunction with providing a selfie; but requirements will differ. Identity verification is useful for first time interactions with a customer, such as registration or onboarding.

Identity provider

An identity provider is the supplier of the ID method. They are responsible for issuing the digital identities to a person. Customers can choose one or more of these identity providers to enable the end-user to log on to their online applications or services. Often, the identity provider and the ID method share the same name, for example BankID in Norway and Sweden, but it might also be different. For example, Nets is the identity provider for MitID.

Internal log

This is a log that is used by Signicat's staff to analyse incidents.

Know Your Customer (KYC)

KYC is the process of a business verifying the identity of its clients. The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities.

Level of Assurance (LoA)

Level of Assurance (LoA) refers to the degree of trust or confidence in the claimed identity of a person and how certain a service provider is about that person's claimed identity when using their eID to authenticate a service.

According to eIDAS regulations, there are three levels of assurance: Low, Substantial and High.

  1. Low: Self-registration in a web-page, without any identity verification.
  2. Substantial: Providing and verifying identity information and authentication by using a user name and a password and a one-time password sent to your mobile phone.
  3. High: Registering in person in an office and authentication by using a smartcard, such as a National ID Card.

National identification number

National identification numbers are used by many countries' governments as a means of tracking their citizens, permanent residents and temporary residents for the purposes of work, taxation, government benefits, health care and many other government-related functions. This number usually appears on identity documents issued by these countries.

Natural person

A natural person, in legal terms, is defined as a living human being as opposed to a corporate body.

Non-natural person

A non-natural person is any corporate body, unincorporated firm, partnership or body with legal personality other than an individual.


Onboarding is the process of allowing end-users to sign up to an online service whereby a verification of that person is carried out using an ID method. Onboarding refers to a first-time interaction with an end-user during the process of becoming a customer of a service and outlines what Signicat customers want to do to accept these new users to their service.

One-Time Password (OTP)

A One-Time-Password is a randomly generated password, which is given to the end-user; for example as a text message (SMS), an email, a postal letter, by an app on a smartphone, or by a device. When entering the OTP, the end-user proves that they are in possession of the given item. This is typically used as part of a two-step authentication.


This is the name of your company, business or organisation (one entity with a VAT number). Your organisation can have many accounts in Signicat. You can learn more about organisations and accounts in Initial setup instructions.

Organisation number

This is the number that identifies an organisation. The organisation number name varies from country to country ("Organisation Identification Number" in the Netherlands, "Enterprise number" in Belgium, "CVR" in Denmark, "Registration number" in Sweden etc.). You can use this number in Signicat Data Verification to validate company information.

Politically exposed person (PEP)

In financial regulation, a politically exposed person (PEP) is one who has been entrusted with a prominent public function. A PEP generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold.


This is the name of a specific product in Signicat's portfolio, e.g. Signing portal.

Product family

This is a group of products in Signicat's portfolio, e.g. Electronic Signing.


This is an account type used in Signicat's production environment. It contains real data. The transactions are billed.


This is an account type used in either Signicat's test or preproduction environments. It should only contain dummy data. No transactions are billed.


A software development kit (SDK).

Service provider

A service provider is a customer of Signicat. This is the party that uses the digital identity service and provides the service to the end-user, e.g. a bank, insurance company, public body etc. They offer one or more identity methods on their app, portal or website so that end-users can identify or gain access to these services.

Signicat domain

The signicat subdomain for an account (production). All accounts will have this. See also Custom domain.

Single logout (SLO)

With single log-out, an end-user can log out of all active sessions (even over multiple different service providers) by sending a single log-out request to the application of the service provider. SLO can be initiated by the end-user or the service provider, or in some cases by the IdP. SLO is session- and token-based.

Single sign-on (SSO)

With single sign-on, an end-user can log in to services once and access them without having to re-enter authentication factors. This only applies to services that are connected to the same SSO session. SSO is session- and token-based.

Time-based OTP (TOTP)

A time-based OTP will generate OTPs based on time, whereby the user has a certain, limited amount of time to enter the time-based OTP. Typically, the user will have an application running on a smart-phone for generating these. One such application is the Google Authenticator.


This is a time or feature limited account. It could be either used in the sandbox or production environment. You can use it for marketing purposes.

Two-factor authentication (2FA)

Also referred to as two-step verification or dual-factor authentication, two-factor authentication is the process in which end-users must provide two different authentication factors to verify themselves. 2FA is a secure process that helps protect both an end-user's credentials and the resources the user can access.