# Finnish Bank eIDs (FTN)
# About Finnish Bank eIDs (FTN)
Signicat supports all eIDs of Finnish banks within the framework of the Finnish Trust Network (FTN). Through one agreement with Signicat, a customer will get access to all these eIDs plus Mobiilivarmenne. The default setup for an FTN customer is that all banks and Mobiilivarmenne are shown to the end-user as login options. If a customer wants to limit the number of options, specific eIDs and Mobiilivarmenne may be removed from the menu shown to end-users.
Signicat follows FTN’s principles for strong identification. For more details, see Signicat's identification principles for FTN.
The TUPAS protocol that was previously in use for the Finnish bank eIDs is obsolete. Banks offer their eID services through OIDC or SAML2 interfaces. A Signicat FTN customer does not need any agreements nor specific technical integration towards the banks; one agreement with Signicat and one integration towards Signicat's API is sufficient. The personal data returned is the same for all eIDs.
The bank eIDs are of various types. When the end-user has selected the eID to use from the menu displayed by Signicat, the user is redirected to the selected bank’s (or Mobiilivarmenne) user interface. All eIDs supported by Signicat for FTN are “strong electronic identification” according to Finnish regulations, meaning they are Finnish eID level 2, which corresponds to eIDAS level substantial. Signicat is a licensed broker in FTN for “strong electronic identification”.
FTN eIDs may be used for onboarding and for issuing a new eID at the same or a lower assurance level. Special pricing applies. Contact Signicat Support if you have such needs for your service.
The following banks are members of the Finnish Trust Network:
- OP Bank Group
- Danske Bank
- Säästöpankki (Savings Bank)
- POP Bank
- Bank of Åland
# Signicat's identification principles for FTN
# Method names in authentication URLs
When you want to redirect the end-user so they can authenticate, you have to include the name of the relevant method in the redirect URL. The tables below show which method names are available for FTN. For further information about the authentication URL, see the Authentication API.
# Authentication and digital onboarding
The name of the method is
ftn. This method can also be used for authentication-based signing.
# Third-party signing
For third-party signing, use the method called
# How to get started with FTN
A Signicat customer may sign up for FTN for authentication and authenticated signing. No agreement with the banks or mobile operators is needed.
# Typical login and signature screenshots
The first step contains a list of all FTN banks and Mobiilivarmenne (unless the customer has decided to narrow the list). The customer decides upon layout assisted by Signicat Support. The user will select one of the banks in the list, e.g. Nordea. Then, the user will get the selected bank’s user interface, e.g. Nordea’s eID as shown below. In some cases, a language selection comes first (Finnish, Swedish, English – not all languages may be supported by all banks).
# Test users
The table below contains information about the test users of the FTN banks in pre-production environments.
- Nordea’s and Aktia’s test services only use the correct language on the first page of the login-sequence. The following pages are always in Finnish.
- The test services of Handelsbanken, Säästöpankki, POP pankki and OmaSP show login pages in both Finnish and Swedish, but the following pages are always in Finnish.
|Bank name||Login name||Password||National ID number|
|Danskebank||No pre-production environment||n/a||n/a|
|Nordea||- DEMOUSER1 |
|no password||- DEMOUSER1 = 010200A9618|
- DEMOUSER2 = 291292-918R
- DEMOUSER3 = 030883-925M
- DEMOUSER4 = 170677-924F
|Ålandsbanken||No pre-production environment||n/a||n/a|
|S-Pankki||No pre-production environment||n/a||n/a|
These are the contact details of every bank whose eID is offered through FTN.
These are the available claims for FTN.
# Error codes
# Full message-level encryption
FTN requires Full Message-Level Encryption (MLE) as well as Transport-Layer Encryption (TLS). The guides in the tabs below detail the steps required to set up MLE for OpenID Connect (OIDC) and SAML2.