Initial preparations
Prerequisites
Before you can start integrating with Signicat's implementation of FTN in production, be aware of the following prerequisites.
Access to FTN
Before you can create a production account, you need to configure FTN access with an onboarding manager. To get help with this, please contact us.
Define the service provider name
When enabling access, your onboarding manager will ask you what service provider name you prefer to be displayed for your end-users before and during the authentication.
You can also specify your service provider name:
- On the FTN configuration page in the Dashboard.
- In the protocol request, using the ftn_sp_name parameter. For how to set this up for the different protocols, see Integration with OIDC and Integration with Authentication REST API.
If the service provider name is not defined in either of the above-mentioned ways, your organisation name from the Dashboard will be displayed by default.
Message Level Encryption (MLE)
Due to requirements from Traficom, you are required to use Full Message-Level Encryption (MLE) for authentication with FTN.
There are two different ways to achieve this. The first is required and the second is only required in certain circumstances:
- Receiving encrypted responses from Signicat (required)
- Sending encrypted requests to Signicat (optional)
If you are sending personally identifiable information (PII) as part of your request, you will also need to send encrypted requests.
For more details on how to set this up, see the general protocol descriptions:
- OIDC: Advanced security considerations
- SAML 2.0: Advanced URL configuration fields
- Authentication REST API: Encrypted responses from Signicat
Initial setup in Dashboard
Once you have received the needed access to the FTN service, you can add a production account, connect a domain to the account and add FTN to the Dashboard.
Create a production account
To create the production account from the Signicat Dashboard:
- Click the name of your organisation at the top left of the screen and then select Manage.
- Under Organisation management, click Add Account.
- Enter the name of your account under Account Name.
- Tick the Production account type.
- Click Create to create the new account.
Set up domain
When you have created a production account, you can add a domain to this account.
- In the Signicat Dashboard, go to Account management > Domain management. If you are a member of multiple accounts, make sure you are in the correct account by checking the account name in the top left of the screen.
- Click Add domain.
- To add a standard (Signicat) domain, enter the name of your subdomain in the Domain name field.
- Click Add domain to create the new domain.
For more setup options, see Add a domain in the Dashboard setup section.
Add FTN to the Dashboard
- In the Dashboard, navigate to eID Hub > ID Methods.
- To enable the ID method, click Add new in the top right.
- Choose the ID method from the list. Then, click Save.
- Now you can see the ID method listed and enabled with status "Active" in the ID methods list.
Select a protocol
To establish a connection between Signicat's FTN implementation and your application, you need to use a standard authentication protocol.
Signicat supports the standard OIDC and SAML 2.0 protocols. In addition, we offer the Signicat Authentication REST API.
The choice of protocol depends on what you prefer and what you want to achieve. The Authentication REST API gives you a lot of flexibility and is easy to set up. Between the other two, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is an industry standard, and you do not need to manage user sessions on your own (as you do with the Authentication REST API).
For more information about the different protocol types, see the Signicat eID Hub documentation.
Next steps
Continue the integration with your chosen authentication protocol: