Test it out
This page shows you how to test out authentication with Czech Bank iD using the Signicat Dashboard.
Prerequisites
If you do not have an account already, then you need to sign up to the Signicat Dashboard for free and complete the initial preparations. To do this:
- Sign up to the Signicat Dashboard and register your profile.
- Ensure that you have created an organisation.
- Create an account. To do this:
- Go to Signicat Dashboard > Organisation, then select + Add account.
- Enter an account name, choose the type of account that you want to create, then select Create.
- Create a domain. To do this:
- Go to Signicat Dashboard > Settings > Domain management, then select + Add domain.
- To create a standard domain, enter a domain name. Then, select Add domain.
- To create a custom domain, follow the instructions in the Custom domains documentation.
We recommend that you create a sandbox account to test our services before going live. Sandbox and production accounts must be set up separately.
To test out the eID, you only need to set up a sandbox account.
Get connection URIs
To set up a connection between Signicat and Czech Bank iD, you first need to generate connection URIs that you later use to configure an app in the Czech Bank iD Dashboard. To generate connection URIs in the Signicat Dashboard, do the following:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > eIDs
- Select + Add new.
- From the list of eIDs, select Czech Bank iD.
- In the configuration screen, select Get URIs to generate URIs based on your Signicat account. These are:
- Redirect URIs: The address, pointing to your domain(s), where Czech Bank iD directs its response after authentication. Multiple URIs are generated when you have multiple domains in your account. Learn more about domains in the documentation.
- Sector Identifier URI: Applies when using multiple Redirect URIs. Points to a list of all your Redirect URIs.
- JWKS URI: Hosts the JSON web key set (JWKS) to communicate with Bank iD.
- Copy the URIs. You will need them later in the process when configuring your app settings in the Czech Bank iD Dashboard.
You may leave the Signicat Dashboard and continue with next step below.
Create an app in the Czech Bank iD Dashboard
After obtaining the connection URIs, you need to register on the Czech Bank iD Dashboard where you receive credentials that you later use in your Signicat account. To do this:
- Go to https://developer.bankid.cz/dashboard.
- If you don't have an account yet, select Register and follow the on-screen steps.
- Once registered, log in to the Czech Bank iD Dashboard.
- In the Dashboard, select Create app.
- In the New app dialog, enter the name for your app. Optionally, you can upload a logo.
- Select Create app to create the new app.
After creating the app, you are redirected to the overview screen where you can manage your app configuration.
To connect the Czech Bank iD app to your Signicat account, you must configure the app settings and obtain credentials that you later add in your Signicat account, as explained in the next sections.
In the Czech Bank iD Dashboard, you can configure two types of environments:
- Sandbox: Allows you to test your connection.
- Production: Requires that you sign a contract and create an organisation.
Configure your app settings
To set up a connection between Signicat and Czech Bank iD, you need to obtain credentials by configuring your app in the Czech Bank iD Dashboard. To do this for the app that you have previously created:
-
In the app overview, select Sandbox under Environments.
-
Go to Settings to configure your environment.
-
Apply the following configuration settings:
1. General application configFill in the required fields with your desired company details.
2. Open ID Connect and OAuth2 settings- Redirect URIs: Enter the Redirect URI(s) that you previously generated in the Signicat Dashboard. This is:
https://<YOUR_SIGNICAT_DOMAIN>/idps/sandbox/bankid-cz/response. For example,https://example.sandbox.signicat.com/idps/sandbox/bankid-cz/response.
To add multiple Redirect URIs, press the Enter key and paste the URI. - Sector Identifier URI: Optional. Only required when configuring multiple Redirect URIs. Enter the Sector Identifier URI that you previously generated in the Signicat Dashboard. This is
https://<YOUR_SIGNICAT_DOMAIN>/idps/sandbox/bankid-cz/sector-identifier. For example,https://example.sandbox.signicat.com/idps/sandbox/bankid-cz/sector-identifier. - Notification URI: Any valid URL works since notifications are not processed. For example, the URL of your Signicat domain.
3. ScopesMake sure the following scopes are set to:
openid: Requiredprofile.verification: Unused
We recommend you set the other scopes to Optional. Any scope set to Required must also be configured in the Signicat Dashboard and specified in the authentication request.
4. Advanced Settings- Authorization code flow: ON
- Refresh token: Optional
- Implicit flow: OFF
- Token endpoint auth method: Client Secret POST
- JWKS URI: Enter the JWKS URI that you previously generated in the Signicat Dashboard. This is
https://<YOUR_SIGNICAT_DOMAIN>/idps/sandbox/bankid-cz/jwks. - Encrypt tokens: ON
- Elliptic curve token encryption: OFF
- Request URIs: Empty
- Redirect URIs: Enter the Redirect URI(s) that you previously generated in the Signicat Dashboard. This is:
-
Scroll to the bottom of the page, then select Apply changes and generate credentials.
-
Now, the Dashboard redirects you to the Sandbox Credentials tab. Under Credentials > Keys, note the Client ID and Client Secret generated for your app. You need to copy and paste these credentials in the Signicat Dashboard configuration, as explained in the section below.
Add Czech Bank iD in the Signicat Dashboard
After obtaining the client credentials, you need to add Czech Bank iD as an eID in your Signicat account and configure it with the Client ID and Secret obtained in the previous step. To do this:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > eIDs
- Select + Add new.
- From the list of eIDs, select Czech Bank iD.
- In the configuration screen, configure the following settings:
- Client ID: Enter Client ID generated by Czech Bank iD.
- Client Secret: Enter Client Secret generated by Czech Bank iD.
- Reference SLA Guarantee: Optional. Only applies to production accounts and depends on the contract you signed with Czech Bank iD.
- Select Add to save the changes.
- Verify that Czech Bank iD is present in your eIDs list, with status set to Active.
Test Czech Bank iD
Once you have added Czech Bank iD to the list of available eIDs, you can test how it works for the end-user in the Signicat Dashboard. To do this:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > eIDs.
- At the top right, select Test eIDs.
Note
If more than one eID is configured for the account, then a dialog with a list of configured methods is shown. You must select Czech Bank iD from this list.
- In the Czech Bank iD provider page, select the Bank IdP — this is a test bank.
- In the Sandbox Inc. authentication site, select the demo account JanN. You can find a list of demo accounts in the bottom-right corner. Alternatively, enter the following credentials:
- Name:
JanN - Password:
password
- Name:
- Select Log in.
- Review the personal data requested for authentication. To confirm, scroll to the bottom and select Potvrdit přístup (Confirm access).
Upon completion, you can review the list of attributes retrieved during authentication.
User flow
Below, you can preview how a typical user journey with Czech Bank iD looks like:
Test users
Czech Bank iD provides a list of test users for covering different authentication scenarios.
You can find the test users in the Czech Bank iD Dashboard. To view the test users:
- Log in to https://developer.bankid.cz/dashboard.
- Select your app.
- In the app overview, select Sandbox under Environments. Then, go to Instructions.
- Select "List of test users for Sandbox" to download the list of users.
The username is in the first row while the password for each user is always "password."
Next steps
After testing, you are ready to start integrating with Czech Bank iD through Signicat: