# About MitID
MitID (opens new window) is a new electronic ID in Denmark, replacing NemID. It is a collaboration between the Danish banks and the Danish public sector. This alliance forms a nationwide solution and provides a secure authentication mechanism for all Danish citizens and residents. MitID can be used for online banking, Digital Post, communication with public authorities, identifying yourself in other digital services and more.
# Try it out
Here is how the MitID login box will look for the end-users. Since it is a demo, any username and password will work:
For more information about the user interface, see for example Authentication flows for the end-user.
New to Signicat?
You are currently viewing the Signicat Enterprise developer pages, and this is the place to be if you are in a regulated industry, and specifically require SOC2 certification.
If not, get started today with Signicat Express here:
# Time plan
From 6. May 2021 we have been running MitID in a closed pilot phase, while mass migration will start in October 2021. After this, there will be a transition period where you can use both NemID and MitID, although NemID will be phased out by the end of June 2022.
# Pilot phase
From 6 May to October 2021, MitID is in a closed pilot phase. This means that only a limited number of end-users get access to MitID during the pilot (estimated 7000 active MitID users). In this phase, it is recommended to hide the MitID login to avoid extra support and confusion from non-pilot end-users.
Digitaliseringsstyrelsen (opens new window) leads the pilot and will send out updates and guidelines to the MitID brokers during the pilot phase. Signicat is as a broker part of this closed pilot. If you want to become part of the MitID Pilot program, please contact Signicat at email@example.com. Being part of this pilot, allows you to "test" your MitID flow in real production.
Model options in the pilot phase
In the pilot phase, the MitID end-users must apply and get approved before they can migrate from NemID to MitID. In this phase, MitID service providers can choose between four operating models:
Stay in the MitID pre-production environment and use the MitID test tool for administration of MitID test user identities.
Have Signicat enable the MitID production environment without any transactions before the mass migration begins in October.
Enable the production environment as in model 2 and apply for up to three MitID production identities (pilot end-users).
The same as model 3 but share the MitID end-user flow (e.g., link to the MitID login) with the rest of the pilot service providers and end-users. In this way, more "testing" in production can take place.
What to do?
Inform your Signicat onboarding manager about which operation model (see above) you as a service provider want to use. If you choose model 3 or 4, Signicat will ask you to provide the IP address the end-user will activate and use from MitID.dk. This is so the IP can be whitelisted.
You will also get access to the MitID app (Signicat will send you the links).
MitID includes quite a few new features that we would like to get your feedback on. During the pilot phase, we will share a questionnaire survey to get your feedback on the different steps of getting into production with MitID.
# Contact Signicat for more information
Signicat will continuously add content to this page reflecting the status of the integration.
To keep updated on the development progress, you can sign up for the latest news by sending an email to firstname.lastname@example.org.
Signicat will be happy to assist you in ordering and setting up MitID. Please contact Signicat at email@example.com for more information.
# Integrating with MitID through Signicat
Integration with MitID is done via the same API as Signicat's other ID methods. See Getting started with authentication for more information. Through the single point of integration, you can additionally get access to Signicat’s wide portfolio of integrated ID methods and also other services like signing and identity paper verification.
# Key features of MitID
This is an overview of important features in MitID:
- A common, national identity and authentication solution.
- Public actors, financial institutions and other private service providers can only use MitID through certified brokers.
- Secure login supporting all three levels of assurance (LoA) from eIDAS, Low, Substantial and High:
- Low authenticates the user with single-factor authentication, e.g. with password or chip. Low is not available in NemID.
- Substantial authenticates the user with a two-factor authenticator combination, e.g. with the MitID app on a smart phone.
- High authenticates the user with a more advanced two-factor authenticator combination, e.g. the MitID app + chip.
- Integrate with Signicat's electronic signature solution so end-users can electronically sign documents using MitID.
# Basic and add-on services (packages)
Signicat offers the MitID implementation in several packages divided into two main categories, Basic service and Add-on services:
# Basic service
The MitID Basic service is the core functionality you as a service provider need to replace NemID Login and Signing with MitID Login and Signing). The security level for MitID in the basic package is the same as NemID, i.e. Substantial level of assurance.
# Add-on services
In addition to the basic service, Signicat provides add-on services enhancing user experience, security and payment aspects:
- Advanced graphical profile: Offers the possibility to customise the graphical profile to suit your own brand. This gives the customer a recognisable login flow.
- Subdomains: Service providers can get their own MitID subdomain like service-provider.mitid.dk to eliminate confusion over where the customer is entering data.
- CPR matching: Enables service providers to get the end-user CPR number. The end-user is asked to enter their CPR number, and this is matched against the UUID number used in MitID.
- Single Sign-On (not implemented yet): Improves user experience by reducing the number of logins. If two service providers co-operate and allow single sign-on of end-users between their respective online applications, the SSO Add-on makes it simple to transfer one end-user logged in with MitID from one service provider to the other service provider without the end-user having to log in again.
- Login risk evaluation (not implemented yet): Reduces fraud by making a risk score for each MitID transaction.
- Login security levels: Facilitates differentiated login levels depending on security needs. Default is Substantial (same as NemID). With Low, you can improve the user experience. With High, you increase the security.
- Login step-up: This allows the service provider to increase LoA. For example, if the user logs in with Low, the service provider can at any time require the user to “step up” with a combination of authenticators to reach the needed LoA, typically, from Low to Substantial or from Substantial to High.
- PSD2 compliance: Protects data by not revealing which factor fails in a non-successful login.
- Transaction consent (reference text): Enables the user to see a text about what they are signing/approving.
- Business identities (Erhverv): Enables a private user to use their personal MitID to represent a privately owned company (Privat MitID til erhverv).
These services are marked as add-ons in the headings. You can also follow the links for more information about each add-on.
# Further reading
- Migration from NemID to MitID
- MitID UX scheme
- Frontend setup
- Protocols and attributes
- Test information
- Requirements for MitID service providers
# Other sources
- Information to the public about MitID on the Digitaliseringssyrelsen website (opens new window) (in Danish)
- Signicat external web site (opens new window)