Skip to main content

Set up DigiD pre-production

Initial preparations

To set up DigiD in pre-production, start with the steps described in the Initial preparations page.

1. Add DigiD in the Dashboard

You can now add and enable DigiD as an ID method in the Signicat Dashboard. To do this:

  1. In the Dashboard, go to eID Hub > ID Methods.
  2. To enable the ID method, click Add new in the top right.
  3. Choose the ID method from the list. Then, click Save.
  4. Now you can see the ID method listed and enabled with status "Active" in the ID methods list.

ID method configuration

DigiD Dashboard settings

DigiD Dashboard settings

You can edit the settings of your DigiD connection:

  • Strip sector code from nameID: Logius sends a prefix with the citizen service number (BSN). Some service providers can't handle that. Tick this checkbox to strip away the sector code/prefix.

Adjust the settings as necessary and click Save to apply the changes.

Advanced configuration

To configure advanced settings, go to the "Advanced" tab in the DigiD page and specify:

  • Select attribute filter: Select an attribute filter to control which attributes you want to include, or exclude, from the response. You can create attribute filters in the Dashboard > eID Hub > Advanced > Attribute filters.
  • Include only when scoped: If ticked, the ID method will not be visible by default on the ID method selection screen, unless you specify it by using IdP scoping.
  • Response attribute mappings: You can customise the name of the attributes received in the response body. Provide none or multiple name-to-name mappings.
  • Use web flow on mobile device: If you are configuring the WEB flow for your connection, you may still want to use it from mobile devices. If you are using the DigiD app, the redirect (in some situations) opens in the mobile device's native browser. In such cases, we need to perform an operation called "session restoration" which may incur in security issues. We have taken a number of mitigations on our side to reduce the risks of such threats. However, some risks cannot be addressed on our side. If you want to use this option, you have to accept such risks. you can contact us by creating a support ticket in the Signicat Dashboard.
    Mitigating risks

    To fully mitigate the residual risk, we recommend you implement the following on your side: You should only accept a response back from Signicat if you are able to match that response to a request that you have sent earlier. You can achieve this, for instance, by storing the request you have sent in the user session.

2. Get Signicat metadata

When you activate DigiD in the Signicat Dashboard, you can download the Signicat SAML metadata (in XML format). You need the Signicat metadata when applying for DigiD with Logius in the next step.

To get the metadata file:

  1. In the Dashboard, go to eID Hub > ID methods.
  2. Select DigiD from the list of active ID methods.
  3. Select Get Signicat metadata to download the XML file to your device.

3. Request DigiD pre-production

To connect to DigiD pre-production, you need to fill in the Logius Aanvraagformulier. In the application form, upload the Signicat metadata in XML format that you obtained in the previous step.

According to the Logius Roadmap, you receive connection details for access to the DigiD pre-production environment within five working days.

4. Set up a connection with a protocol

To establish a connection between Signicat DigiD and your application, you need to use an authentication protocol.

Choose a protocol

Supported protocols

Signicat supports the standard OIDC and SAML 2.0 protocols. In addition, we offer the Signicat Authentication REST API.

Choice of protocol depends on what you prefer and what you want to achieve. The Authentication REST API gives you a lot of flexibility and is easy to set up. Between the other two, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is industry standard and you do not need to manage user sessions on your own (like with the Authentication REST API).

For more information about the different protocol types, see the Signicat eID Hub documentation.

Set up the protocol

For information on how to set up the different protocols, see the eID Hub - Quick start guide.

Data and attributes

To learn more about attributes, scopes and claims supported by each authentication protocol, visit the Attributes reference page.

5. Get your pre-production setup approved

After you set up the pre-production web/mobile service connection, you need to test it and submit a request for approval by Logius. Here are the steps to follow:

After Logius approves your pre-production connection, you are ready to integrate with DigiD in production.

Next step