Initial preparations

Prerequisites

Before you can start integrating with Signicat's implementation of FTN in production, be aware of the following prerequisites.

Access to FTN

Before you can create a production account, you need to configure FTN access with an onboarding manager. To get help with this, please contact us.

Define the service provider name

When enabling access, your onboarding manager will ask you what service provider name you prefer to be displayed for your end-users before and during the authentication.

We recommend using a short name to avoid a line break.

You can also specify your service provider name:

If the service provider name is not defined in either of the above-mentioned ways, your organisation name from the Dashboard will be displayed by default.

Message Level Encryption (MLE)

Due to requirements from Traficom, you are required to use Full Message-Level Encryption (MLE) for authentication with FTN.

There are two different ways to achieve this. The first is required and the second is only required in certain circumstances:

  1. Receiving encrypted responses from Signicat (required)
  2. Sending encrypted requests to Signicat (optional)

Important

If you are sending personally identifiable information (PII) as part of your request, you will also need to send encrypted requests.
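
The first requirement can be enforced in your application before any decryption is attempted, so that a signed-only response is never processed in production. This is an added example, not Signicat code: it assumes the OIDC response reaches your application as a compact JWE token, and the function names and algorithm allowlists are assumptions to adapt to your client configuration.

```python
import base64
import json

# Assumed allowlists (not from the page): set these to what your client is configured for.
ALLOWED_ALG = {"RSA-OAEP", "RSA-OAEP-256"}
ALLOWED_ENC = {"A128CBC-HS256", "A256CBC-HS512", "A128GCM", "A256GCM"}


class NotEncryptedError(ValueError):
    """The response does not meet the message-level encryption requirement."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def require_jwe(token: str) -> dict:
    """Return the protected header of a compact JWE, or raise NotEncryptedError."""
    parts = token.strip().split(".")
    if len(parts) == 3:
        raise NotEncryptedError("signed-only JWT (JWS) received, encrypted JWE expected")
    if len(parts) != 5:
        raise NotEncryptedError(f"not a compact JWE: {len(parts)} segments")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise NotEncryptedError("unreadable protected header") from exc
    if not isinstance(header, dict):
        raise NotEncryptedError("protected header is not a JSON object")
    alg, enc = header.get("alg"), header.get("enc")
    if not isinstance(alg, str) or alg not in ALLOWED_ALG:
        raise NotEncryptedError(f"key management alg not allowed: {alg!r}")
    if not isinstance(enc, str) or enc not in ALLOWED_ENC:
        raise NotEncryptedError(f"content encryption enc not allowed: {enc!r}")
    if not parts[3] or not parts[4]:
        raise NotEncryptedError("empty ciphertext or authentication tag")
    return header


def sample_token(header: dict, segments: int) -> str:
    """Constructed test input: a header plus dummy segments (not real ciphertext)."""
    return ".".join([b64url(json.dumps(header).encode())] + [b64url(b"x")] * (segments - 1))


if __name__ == "__main__":
    print(require_jwe(sample_token({"alg": "RSA-OAEP-256", "enc": "A256GCM"}, 5)))
```

This only gates on the shape and header of the token; decryption and signature verification of the inner payload still go through your JOSE library.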

For more details on how to set this up, see the general protocol descriptions:

Initial setup in Dashboard

Once you have received the needed access to the FTN service, you can add a production account, connect a domain to the account and add FTN to the Dashboard.

Create a production account

To create the production account from the Signicat Dashboard:

  1. Click the name of your organisation at the top left of the screen and then select Manage.
  2. Under Organisation management, click Add Account.
  3. Enter the name of your account under Account Name.
  4. Tick the Production account type.
  5. Click Create to create the new account.

Set up domain

When you have created a production account, you can add a domain to this account.

  1. In the Signicat Dashboard, go to Account management > Domain management. If you are a member of multiple accounts, make sure you are in the correct account by checking the account name in the top left of the screen.
  2. Click Add domain.
  3. To add a standard (Signicat) domain, enter the name of your subdomain in the Domain name field.
  4. Click Add domain to create the new domain.

For more setup options, see Add a domain in the Dashboard setup section.

Add FTN to the Dashboard

  1. In the Dashboard, navigate to eID Hub > ID Methods.
  2. To enable the ID method, click Add new in the top right.
  3. Choose the ID method from the list. Then, click Save.
  4. Now you can see the ID method listed and enabled with status "Active" in the ID methods list.

Select a protocol

To establish a connection between Signicat's FTN implementation and your application, you need to use a standard authentication protocol.

Supported protocols

Signicat supports the standard OIDC and SAML 2.0 protocols. In addition, we offer the Signicat Authentication REST API.

The choice of protocol depends on what you prefer and what you want to achieve. The Authentication REST API gives you a lot of flexibility and is easy to set up. Between the other two, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is an industry standard, and you do not need to manage user sessions on your own (as you do with the Authentication REST API).

For more information about the different protocol types, see the Signicat eID Hub documentation.

Next steps

Continue the integration with your chosen authentication protocol: