Go to production
To set up DigiD CombiConnect in production, you first need to set up a connection in a pre-production (sandbox) environment and get it approved by Logius. So, make sure you have completed the steps, as described in the Setup up DigiD CombiConnect for your pre-production environment.
Prerequisites
Before you can prepare your application for production, you must have completed the prerequisite steps:
- Purchase a PKIoverheid certificate for production environments.
- Get your pre-production setup approved by Logius.
1. Create a production account
To connect to DigiD CombiConnect in production, you need to set up a production account with a custom domain in the Signicat Dashboard. You can always reuse a production account that you created previously. To create a new production account, do the following:
- Go to Signicat Dashboard > Organisation management.
- Select Add Account.
- Enter the name of your account under Account Name and tick the box for Production account. Note that this requires that already completed your company's onboarding in the Dashboard.
- Select Create to create the new account.
In the next screen, select Add new domain to add a custom domain.
Add a custom domain
To add a custom domain, follow the instructions for Custom domains. Then, return to this page to continue with the integration.
Note that you must add a custom domain. Accounts with a Signicat subdomain (for example, mycompany.app.signicat.com) cannot be used to connect to DigiD.
If you wish to use Let's Encrypt certificates as TLS/SSL server certificates for DigiD, you must use a .nl domain. Learn more in the Logius documentation.
2. Upload PKIo certificates
This step assumes that you have already purchased a PKIoverheid certificate for production. Learn how in the Order certificates guide.
Once you have purchased and received the PKIo certificates from a certificate provider, you need to upload the public part of the certificates (.pem or .cer file extension) to the Signicat Dashboard.
To upload a PKIo certificate to the Signicat Dashboard, do the following:
- Navigate to Account management > Signing Certificates.
- In the Signing Certificates section, select Upload certificate to upload the PKIo certificate from your device.
Alternatively, you can send us the new PKIo certificate either by creating a support ticket in the Signicat Dashboard or by contacting your onboarding manager.
Please allow up to 4 hours for the certificates to become active and ready for use. If you require expedited processing, contact us by creating a support ticket in the Signicat Dashboard and request priority handling.
When you upload a PKIo certificate, you store the (public) PKIo certificate in the Signicat Dashboard infrastructure. To view your certificates, do the following:
- Go to Signicat Dashboard > Products > eID Hub.
- In the left-side menu, navigate to Advanced > Certificates.
- Here, you can review your active certificates and access more details, such as issuer and validity window.
3. Set up a connection
Follow the steps 1-6 in the Set up DigiD CombiConnect guide. Then, come back to this page to activate your connection in production.
4. Activate your connection
Submit a request for activation of your connection to the DigiD CombiConnect production environment in the DigiD Wijzigingsformulier. In the form, select "Ik wil mijn productieaansluiting activeren".
5. Ask Logius to approve your connection
After you set up the connection in production, you need to test it and submit a request for approval by Logius.
- Test your implementation using the Checklist for connecting to DigiD.
- Apply changes to meet the requirements.
- Ask Logius to verify your integration by requesting a connection test with the form CombiConnect - Aansluitformulier voor één DigiD dienst.
6. Audit and assessment
Your DigiD CombiConnect integration in production should adhere to security standards to ensure secure end-user authentication. Logius performs audits and checks to ensure your infrastructure and connection comply with such requirements.
Your DigiD CombiConnect integration must undergo an official assessment by an external and certified DigiD CombiConnect auditor within two months after your application is live in production.
Additionally, organisations that use DigiD CombiConnect must conduct an annual IT security assessment.
Arrange the audits according to the specifications in the DigiD ICT-beveiligingsassessments guide.
Signicat, as a third-party provisioning services for DigiD CombiConnect, undergoes a Rapporten voor de Serviceorganisatie (RSO, formerly TPM) yearly assessment. For this we to plan the RSO audit as early as possible in the year. We can also provide you with our DigiD Generieke RSO certificate to use in your audit.
Note that the yearly required assessment planning for municipalities in NL and for DigiD CombiConnect occurs at different times of the year and might lead to some delays. Therefore, we recommend you plan sufficient time around the assessment with municipalities' own audits.