Initial preparations

Before you can start integrating with Signicat's implementation for DigiD, you must complete a series of steps that include signing agreements and obtaining certificates.

This page contains information about the onboarding steps you need to take before you can start testing and using DigiD.

Note that the DigiD application process requires communication between your organisation and Logius, the provider of DigiD, and also between your organisation and the Signicat onboarding team.

Pre-production and production

It is important to note that you must first integrate in a pre-production/test environment.

You can integrate with DigiD in a production environment only after you have received approval on your pre-production setup.

Checklist for DigiD

• 1. Sign agreements with Signicat
• 2. Comply with Logius requirements
• 3. Register with RvIG
• 4. Configure your Signicat account
  • Create a sandbox account with a custom domain
• Next step

1. Sign agreements with Signicat

The first step to connect to DigiD involves signing contractual agreements with Signicat. These are necessary to grant you access to our services. In particular, you need to sign:

1. An agreement contract
2. A data processing agreement (DPA) (signed by a legal representative)

If you want to integrate with DigiD, contact us to get started with these agreements:

Type of organisation

Note that integration with DigiD is restricted to organisations offering services in the public domain such as the government, educational institutes, healthcare institutions or pension funds.

2. Comply with Logius requirements

Before you can connect to DigiD, your organisation must comply with the mandatory security and infrastructure requirements of Logius.

Your connection needs to meet the criteria specified in:

• DigiD ICT security guidelines for web applications (opens new window)
• Checklist aansluiten (opens new window)

Your DigiD connection must undergo an official assessment by an external and certified DigiD auditor within two months after going to production. Your organisation should arrange the audit as part of the integration process. Note that organisations connected to DigiD undergo an annual ICT security assessment.

You can find more information in the official connection procedure for DigiD (opens new window).

About Signicat and DigiD

The Signicat integration of DigiD specs undergoes a separate yearly assessment for which we supply our DigiD Generieke Third-Party Mededeling (TPM) certificate to our service providers. You use the Signicat TPM certificate in your audit with Logius.

3. Register with RvIG

Registration with the Dutch governmental organisation Rijksdienst voor Identiteitsgegevens (RvIG) is needed when organisations intend to use a person's BSN attribute.

As part of the assessment, RvIG checks whether your organisation can be authorised to request a person's BSN during authentication.

You can find the application form for BSN eligibility in the Aanvraagformulier Toetsing BSN-gerechtigdheid (opens new window).

4. Configure your Signicat account

New customers

If you are a new Signicat customer, you need to first complete the following steps:

• Sign up to the Signicat Dashboard (opens new window).
• In the Signicat Dashboard, set up an organisation.

When integrating with DigiD, you must first test and get approval for the pre-production account before you can proceed with the integration in a production account.

Logius offers two separate environments for your integration with DigiD:

• Pre-production (test environment)
• Production

Signicat matches this design with two separate types of accounts:

• Sandbox account
• Production account

The subsection below guides you through your account configuration in the Signicat Dashboard.

Create a sandbox account with a custom domain

To test DigiD in the pre-production environment, you need to create a sandbox account with a custom domain in the Signicat Dashboard.

To do this, go to the Signicat Dashboard (opens new window) and:

1. Create a sandbox account. For detailed instructions, see the Create an account section.

   Existing customers

   If you are an existing Signicat customer, you may reuse a sandbox account that you have previously created.

2. Add a custom domain to the sandbox account.

   Custom domain

   Note that you must add a custom domain. Accounts with a Signicat subdomain (for example, mycompany.signicat.com) cannot be used to connect to DigiD.

   Using Let's Encrypt certificates

   If you wish to use Let's Encrypt (opens new window) certificates as TLS server certificates for DigiD, you must use a .nl domain. Learn more in the Logius documentation (opens new window).

Once you have created a sandbox account with a custom domain, you can proceed to create a Certificate Signing Request (CSR). This is needed to obtain PKIo certificates for DigiD.

Next step

2. Order certificates

Create a CSR and purchase PKIoverheid certificaes