# Norwegian BankID

# About Norwegian BankID

Norwegian BankID (as well as Norwegian BankID on Mobile) is an electronic identity scheme in Norway that can be used for digital onboarding (Assure), authentication (Connect) and electronic signing (Sign) of documents. BankID is based on a coordinated infrastructure that is developed by the banks through the Norwegian BankID Cooperation, under the direction of the “Finansnæringens Hovedorganisasjon” and “Sparebankforeningen”.

Signicat is the leading provider of Norwegian BankID in Norway with over 75% of the total BankID traffic. Signicat is delivering BankID to banks, consumer finance firms, insurance companies, government services as well as small and medium business segments.

More than 68% of the total Norwegian population has a Norwegian BankID.

# Demo

If you want to see how Norwegian BankID works, you can use Signicat's demo service.


You will need to use a test user for the demo. For more information, refer to Test BankID for end-users.

# Method names in authentication URLs

When you want to redirect the end-user so they can authenticate, you have to include the name of the relevant method in the redirect URL. The tables below show which method names are available for Norwegian BankID. For further information about the authentication URL, see the Authentication API.

# Authentication and digital onboarding

Method name Description
nbid Regular Norwegian BankID
nbid-nossn Norwegian BankID without national identity number
nbid-aml Norwegian BankID with anti money laundering data

Only nbid can be used for authentication-based signing.

# Third-party signing

Method name Description
nbid-sign Recommended BankID signing which results in a document containing data for long term validation. Can be packaged to a PAdES document (a signed PDF document) after signing.
nbid-sign Regular Norwegian BankID signing
nbid-nossn-sign Norwegian BankID signing without national identity number

# Digital onboarding

Norwegian BankID can be used for digital onboarding of a user, through user identification. The ID method can be used as a stand-alone method or in combination with other services provided by Signicat to assure an identity, like identity paper verification, lookups and video assurance.

# Use case

To be able to apply for a loan in Norwegian banks you first have to register and become a customer of a bank. During this digital onboarding process, you can choose to use Norwegian BankID, among others, as an ID method to register as a user for the first time.

# Screenshots

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

# Authentication

When the user has completed the digital onboarding process, as mentioned above, Norwegian BankID can be used for authentication to connect by verifying an existing user’s identity. Getting started guides for authentication with the different authentication protocols can be found here.

The authentication will result in a type of response that will depend on the type of authentication protocol used. See the Result section for an example.

# Use case

As a registered customer in a bank, you will be able to apply for a loan. To be able to log in to your bank you have to authenticate to prove your identity. Norwegian BankID can be used for authentication, in the same way as it can be used for registering as a new customer.

# Screenshots

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

# Result

An example of an OpenID Connect response when Norwegian BankID is used for authentication can be found here.

An example of a SAML 1.1 response when Norwegian BankID is used for authentication can be found here.

# BankID AML

BankID includes an API toolkit called BankID AML, whose main aim is to help merchants counter money laundering and terror financing, as well as comply with AML legislation. This API can also be used if you integrate with Signicat's identity hub. Bear in mind, however, that if you are accessing the API through Signicat it can only be used to gather information about individual persons, not organisations. When using Signicat, BankID AML works like this:

  1. Signicat gathers the following information from the BankID authentication process: national identification number, name and nationality.

  2. Signicat passes the name and national identification number to the AML service. The AML service uses two different endpoints: one for address and one for pep-sanctions from the EU and the UN. The source for the address information is usually Bisnode, unless the merchant has been onboarded with the Norwegian national population register (Folkeregisteret).

  3. The AML service sends a response containing the following information: The home address of that person, if there are any matches. PEP sanctions, if applicable.

  4. Signicat takes the response from the AML service and returns all the received information as an attribute in its response.

It is important to point out that BankID AML is only conceived as part of the BankID authentication process, not as an independent API or microservice. If the merchant requests the activation of the BankID AML service, the service will be provided for every BankID authentication that is carried out.

# Electronic signatures

For electronic signing of documents Norwegian BankID can be used in two ways; Authentication-based signing or third-party signing.

The first alternative, authentication-based signing, is Signicat's own signing solution, which supports the use of any type of authentication method provided by Signicat. Norwegian BankID as an authentication method is used for this alternative, where the authentication result is reused for signing. It will ensure a unified output format in accordance with EU specifications, as well as a scalable, responsive flow supporting about any modern device standards and window sizes.

The second alternative is to perform native signing with Norwegian BankID as a third-party method. Here, Norwegian BankID’s native signing support is used for signing. It will not follow the same output formats and cannot be guaranteed to support responsive flows, nor necessarily support all of the same signing functionality as the authentication-based alternative.

The signing result will, in either of the alternatives chosen for signing, result in a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents (XAdES, implemented as LTV-SDO). See the Result section for signing result examples.

For more information about getting started with electronic signatures, the different signing methods and more, see our electronic signature documentation.

# Use case

With Signicat's electronic signature solution, you can sign (as well as view or upload) one ore more documents, for example loan applications, contracts etc. with Norwegian BankID. Signing with authentication-based signing will allow you to sign all the documents at once, while the third-party signing will require you to sign the documents one at the time. See the Screenshots section below for an example.

# Screenshots

The screenshots illustrate the flow when Norwegian BankID is used for authentication-based signing. There are two documents for signing, "Letter of intent" and "Contract details", as well as one document for view only, "Information about Signicat".

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

# Result

The signing result will result in a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents (XAdES as LTV-SDOs).

For an example of an LTV-SDO, as a signing result with authentication-based signing and Norwegian BankID as signature method, see here.

For an example of a PAdES, as a signing result with authentication-based signing and Norwegian BankID as signature method, see here.

If you are building your own browserless native app and want to use mobile text-only signing, or Consent Signature, via Signicat, you can do this using our OpenID Connect (OIDC) API as a mediator. Refer to our documentation on Consent Signature for detailed information on how to integrate Consent Signature.

# How to get started with Norwegian BankID

To get started with Norwegian BankID you have to obtain a Merchant Certificate for Norwegian BankID (or use the Shared merchant certificate for Norwegian BankID).

# Obtain Merchant Certificate

  1. Information needed from the merchant:
    • Organisation number
    • Contact information of a contact person at the merchant – name, mail and mobile.
    • Contact information of the signer at the merchant – name, mail and mobile. This must be someone with procuration and be able to electronically sign with Norwegian BankID, if not an authorisation must be provided.
    • Contact information of receivers of operations related information from BankID Norway – name, mail and mobile (up to 2 persons).
    • Contact information for those who have the permit to revoke/block the certificate – name, mail and mobile (up to 2 persons).
    • “Firmaattest”. The merchant with procuration can get this document from
    • Legal basis for getting the fødselsnummer (national identification number), if the merchant is going to obtain the fødselsnummer.
    • The merchant name that will be visible in the BankID client.
    • Production URL.
  2. Signicat will fill in the rest of the needed information for the agreement and send it to the merchant.
  3. The agreement will be signed electronically.

# Business certificate information

"BrukerstedsBankID" is a business certificate that can represent a company or an organisation. A business certificate is intended to ensure communication to and from companies and organisations. It is not stored any personal information or personal identification in a business certificate.

The BrukerstedsBankID certificate will be stored in your system or in the system of a service provider like Signicat AS. A BrukerstedsBankID can be copied to other computers that you want to use.

# For pre-production

BrukerstedsBankID certificate for pre-production will usually Signicat's test merchant certificate for use in Signicat test environments. It may only be used to authenticate test users (not real live persons). For production

BrukerstedsBankID certificate for production represents your business in the BankID and Signicat production environments. This certificate will be issued by your bank, after you have performed the Merchant test and have sent a signed test declaration to the bank. It may only be used to authenticate real live persons (not test users).

# User certificate types

User certificates are “Banklagret”, which means that they are stored centrally in the bank. It is possible to use a “Banklagret” BankID from any computer. PersonBankID is defined by BankID as a type of a client certificate. It is a personal BankID which can be used both for authentication and signature.

# certificate policies

An issued certificate contains a reference to a certificate policy used when issuing the certificate. The reference is in the form of an OID located in the certificate policies extension. BankID has defined different policies for different types of subscribers:

Reference (OID) Certificate type
2.16.578. Bank-stored end-user PERSONAL certificate
2.16.578. Bank-stored end-user EMPLOYEE certificate
2.16.578. Bank-stored end-user Qualified PERSONAL certificate
2.16.578. Bank-stored end-user Qualified EMPLOYEE certificate
2.16.578. BankID on Mobile end-user Qualified PERSONAL certificate
2.16.578. Merchant soft certificate
2.16.578. Merchant HSM certificate

# User information

The user information available after a successful authentication may differ slightly between different issuers. Important parameters are:

  • Fødselsnummer
  • Name, full name or plain-name
  • Birth date
  • Valid from
  • Valid to
  • Issued by
  • PID, unique ID specific to Norwegian BankID

The user information available after a digital signature is the same as for an authentication. The signed document contains the digital signature produced by the user when they signed the document. This is sufficient for proving that the user actually signed the document.

The signed documents are represented in a SEID format, which is a Norwegian standard.

# Test information

Signicat's test environment is available 24×7 and may be used during your development and test phase. All use of this environment is free.

# Test BankID for merchants (BrukerstedsBankID)

Test BankID for merchants (BrukerstedsBankID) will be issued by your bank after you have signed “Avtale om BrukerstedsBankID” (merchant BankID agreement).

# Installation

Normally, a person at Signicat Operations will have the role as technical responsible in the BankID agreement. This person will receive instructions from the bank of how to activate the BrukerstedsBankID. When it is activated, it will be installed into the certificate store in Signicat's system and made available for you from your unique customer-specific configuration. When the configuration is set up in test, you may verify your merchant certificate by sending calls to the BankID authentication or signature service, using test users.

# Test BankID for end-users

There are two types of BankID for end-users: PersonBankID and AnsattBankID. Both types are stored in the banking system, which means that there is no need for any certificate installation on the client. Access only requires that you have the fødselsnummer, security code (sikkerhetskode) and a secret password.

You may order your own BankID test users by sending an email to and specifying name and fødselsnummer for each test user. Signicat will forward this order to BankID Norway and return the test users to you as soon as they are available.

The file must be in text format as below:

[valid personal identification number], Signicat, LastName, FirstName

# Test users

National ID Provider Last name First name One-time password Password
11113306361 Signicat Johnson John otp qwer1234
29090816894 Signicat Williams Ellie otp qwer1234
10103933108 Signicat Nordmann Ola otp qwer1234

"Fødselsnummer" (personal ID) must follow a valid syntax. It is possible to use an online generator to ensure validity, like the following site (click “vis liste”). One-time password and Password is the same for all users in pre-production.

# OIDC response example

An example of how to use the access token to return a JSON response containing the end-user's information:

# UserInfo request

curl -XGET "" -H "Authorization: Bearer ACCESS_TOKEN"

# UserInfo response

    "name":"Weasley, Ginny",

For another example that includes a defined scope, see the OIDC response examples page.

# Frequently asked questions (FAQ)

# Why can’t I choose between hardware token and mobile when using Norwegian BankID?

When starting a regular Norwegian BankID transaction (not BankID Mobile), the user’s bank will sometimes allow the user to use Norwegian BankID Mobile (or a variety of different OTP alternatives) instead of the hardware token to complete the OTP step in the transaction. Whether or not this is allowed depends on the bank which issued the user’s personal certificate. If the user’s bank supports it, the authentication window will allow the user access to a menu.

There are a number of things to note with this option:

  • This choice is not available to everyone — if it’s not available to the user, it is because the bank who issued their personal certificate does not support it
  • If a user chooses to complete the OTP step with BankID mobile, the transaction itself is still regarded as a “regular” BankID transaction — the user still has to input their personal password at the end
  • A user’s bank may not allow them to perform this OTP step with BankID mobile, but still allow them to complete true BankID mobile transactions
  • To ensure that all users are given the ability to choose, we urge our customers to make both regular BankID and BankID mobile available through their separate methods (most often called nbid and nbid-mobil). More information about authentication can be found here.

If you have additional questions, contact us at

Last updated: 09/01/2023 16:05 UTC