link

# FAQ

# Why is Denmark changing the digital ID infrastructure?

NemID was launched in 2010 and is based on a 10 years old infrastructure and 10 years old contracts between the Digitisation agency (digst.dk), the Danish Banks and Nets. There is a need for a more secure and user-friendly solution. For more information, see digst.dk (opens new window).

# What are the advantages of the MitID architecture compared to NemID?

For the service provider there are lots of advantages: Better support for standard security protocols, risk data support, three levels of assurance compliant with eIDAS, built-in step-up authentication to mention a few.

# How do we get started with migrating from NemID to MitID?

All service providers must use MitID through a MitID broker. You must find a MitID Broker and make a contract with them to offer MitID login or signing. For more information, see Migration from NemID to MitID.

# Must we show both NemID and MitID login to end-users during the transition period?

Signicat recommends that you support both NemID and MitID in the transition period. For more information, see Migration from NemID to MitID.

# Who can issue a MitID identity?

The government (Kommuner) and banks.

# How will MitID look like?

Seen from the end-user, there is no big difference in a typical login flow. Most of the new things are "behind the scene". For more information, see Authentication with MitID compared to NemID.

# What types of authenticators (app, chip, display device etc.) should we require from end-users to get the appropriate level of assurance (low, substantial, high)?

As a service provider, you must make a "risk assessment" for information/data assets the user can access and assign the appropriate level of assurance. Different combinations of authenticators satisfy different LoAs. For example, just "Password" will only satisfy LoA "Low", while "Password + Chip" will satisfy LoA "High". For more information, see Possible authentication combinations.

# Which environments will be available and when?

MitID will go in production in May 2021. For more information, see Timeplan.

# Will it be possible to create test identities for non-production testing?

Yes, Signicat can do that for you as our customer.

# Which protocols is supported for MitID?

SAML 2.0 and OIDC.

# How is it planned to implement functionality to increase Level of Assurance during the user session?

There is a built-in function in the MitID protocol that supports step-up from one assurance level to another. The user must only activate the authenticator required to go to next level of assurance and not do a completely new login. The step-up may require the service provider to store certain attributes from the original authentication and pass them on as request parameters. The exact protocol here has yet to be fully determined.

# Does MitID support iframes?

MitID generally does not support iframes, except under certain conditions. Instead, you can choose between implementing the login box using either redirect or popup. For more information, see the Popup or redirect section.

# Can MitID be used for payments?

It depends on the application using it. MitID is not a payment method, but an electronic identification method (eID).

Last updated: 30/11/2022 11:28 UTC