Configure ID Austria services
This page describes how to create and configure a service for ID Austria. This consists of the following steps:
- Sign up to the Signicat Dashboard.
- Activate ID Austria in your Signicat account.
- Register a service provider in USP.
- Configure the service in the Signicat Dashboard.
To learn how to complete each step, see the corresponding sections below.
1. Sign up to the Signicat Dashboard
If you do not have an account already, then you need to sign up to the Signicat Dashboard for free and complete the initial preparations. To do this:
- Sign up to the Signicat Dashboard and register your profile.
- Ensure that you have created an organisation.
- Create an account. To do this:
- Go to Signicat Dashboard > Organisation, then select + Add account.
- Enter an account name, choose the type of account that you want to create, then select Create.
- Create a domain. To do this:
- Go to Signicat Dashboard > Settings > Domains, then select + Add domain.
- To create a standard domain, enter a domain name. Then, select Add domain.
- To create a custom domain, follow the instructions in the Custom domains documentation.
We recommend that you create a sandbox account to test our services before going live. Sandbox and production accounts must be set up separately.
Test and production environments
The ID Austria system has two separate environment types:
- Test system (REF): Use case approval within one hour.
- Production system: Use case approval requires an accreditation process.
You need to create and manage your services separately for the test and the production environment. For development purposes, we recommend you start by working in the ID Austria test environment and match its configuration to a sandbox account in the Signicat Dashboard.
2. Activate ID Austria
Once you have signed up and created your account, you need to activate ID Austria as an eID in the Signicat Dashboard.
To complete the instructions on this page, you will need to navigate between both the Signicat Dashboard and Mein USP. For easier navigation, we recommend opening each link in separate browser tabs.
- Signicat Dashboard
- Mein USP (ID Austria' Unternehmensserviceportal)
Get URIs
Activating ID Austria in the Signicat Dashboard generates a set of Redirect URIs. These are links pointing to the Signicat domains in your account. Later, you need these Redirect URIs when you create a service provider in Mein USP.
To activate ID Austria in the Signicat Dashboard, do the following:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > eIDs
- Select + Add new.
- From the list of eIDs, select ID Austria.
- In the ID Austria configuration page, select Get URIs. This generates the Redirect URIs, which are web links to the domains in your Signicat account.
- Copy the Redirect URIs. You need these to register a service provider in USP.
Before you can continue with the service configuration, you need to register a service provider in USP using these Redirect URIs, as shown below. Then, you will return to this tab to fill in the service configuration.
3. Create a service provider in USP
In the ID Austria system, the term service provider refers to the use case for identity verification, such as identification, login, or age verification. You, as a service owner, need to register every use case by using separate service providers. For each service provider, you need to define and substantiate which attributes (personal information of the user) you wish to request.
Every use case requires a dedicated service provider in the ID Austria system.
Register your use case
Before you begin, make sure you have all the required information for your service, including:
- A publicly accessible privacy policy URL. Note: Your privacy policy must be written in German.
- A service logo that is a 960x120 pixel PNG file, with a maximum size of 1 MB.
- The Redirect URIs you obtained in the Signicat Dashboard.
To manage service providers, the USP provides access to the ID Austria Service Provider Registration System (IDA-SPR), which enables you to configure your use cases for both the production and reference environments.
You can access the ID Austria Service Provider Registration System (IDA-SPR) in Mein USP. The IDA-SPR provides all further operations necessary for registering and managing service providers for both the production and the test environment (or REF environment). You can learn more about the IDA-SPR system here.
To register a new service provider, you need to complete the following steps:
- Log in to Mein USP.
- Click Administration.
- Go to Alle Services.
- Depending on the desired environment, select one of the following:
- Production: E-ID Service Provider
- Test: E-ID Service Provider (Ref) This opens the respective IDA-SPR for the production or test environment.
- In the Übersicht der service provider (Overview) page, select Neuen Service Provider anlegen to create a new service provider.
- Enter a Name and a Unique ID for your service provider. Select Speichern to save the changes.
- Create a new version of the service provider by selecting Neue Version anlegen.
- Now, configure your service provider as explained in the Service provider configuration section.
For more details about the steps, visit the Verwaltung und Konfiguration von Service Providern am IDA-SPR guide for ID Austria.
Service provider configuration
General Information
In this section, you provide basic details about your service provider. An asterisk (*) indicates a required field.
| Field | German field name | Instruction |
|---|---|---|
| Version name* | Versionsname | Enter a name for the new version, for example, v2. |
| Version description | Versionsbeschreibung | Enter a short description for internal reference. Do not enter personal data. |
| Purpose of use* | Verwendungszweck | Explain the purpose of your service provider and how it uses the e-ID system. |
| Reasons that prevent activation* | Gründe, die einer Freischaltung... | List any reasons that might prevent activation, such as data protection proceedings. |
| Friendly Name | Friendly Name | Enter the public name for your service that users will see. |
| Privacy Policy URL* | Datenschutz Policy URL | Enter the direct URL to your service's privacy policy. Note: The Privacy Policy must be written in German. |
| Friendly URL | Friendly URL | Enter the URL for your service's public webpage. |
| Public display | Öffentlich anzeigen | Select this checkbox to list your service on the id-austria.gv.at website. |
| Logo* | Logo | Upload your service logo. The file must be a 960x120 pixel PNG, and less than 1 MB. |
Provide the name of your company and a link to your company website. End-users will see this information when performing an authentication.
You must provide a logo of your company. The file must be a 960x120 pixel PNG, and less than 1 MB. End-users will see your logo when performing an authentication.
Configure authentication
Set the authentication methods for your service.
| Field | German field name | Instruction |
|---|---|---|
| Test identity support | Testidentitäten Unterstützung | Select this checkbox to enable support for test identities. |
| eIDAS support | eIDAS Unterstützung | Select this checkbox to enable eIDAS support. |
| Own area / Selected area | Eigener Bereich / Ausgewählter Bereich | Select the appropriate area for your service provider. |
| Use powers of attorney | Vollmachten verwenden | Select this checkbox if your service uses powers of attorney. |
Select attributes
Select the user attributes that your service provider requires.
- From the Personal attributes and Additional attributes lists, select the checkboxes for the attributes your service needs.
- In the Reason box, you must enter a justification for each attribute you request.
Note that attribute requests for production systems must undergo an accreditation process.
Therefore, you should only request attributes applicable to your use case (in line with GDPR policies). For example, attributes related to users' health are rarely approved unless you have a valid reason to process the data.
Provide technical metadata
Configure the technical protocols and endpoints for your service. This guide covers the OIDC setup.
Here you need to enter the Redirect URIs that you previously obtained in the Signicat Dashboard.
| Field | German field name | Instruction |
|---|---|---|
| Enter forwarding addresses* | Weiterleitungsadressen eintragen | Enter the redirect URIs that you obtained in the Signicat Dashboard. Wildcards aren't supported. |
| OIDC Requested Claims support | OIDC Requested Claims unterstützen | Select this checkbox only if your service uses the claims parameter in OIDC requests. |
| I need an OIDC encryption certificate | Ich benötige ein OIDC... | Select this checkbox if you need an OIDC encryption certificate. |
Save your changes
When you have finished entering all the information, select Save. To discard your changes without saving, select Cancel.
Create an OIDC secret
To connect your service provider in ID Austria to the service configuration in the Signicat Dashboard, you need to create an OIDC secret in the IDA-SPR. If you need to create a new secret, do this:
- Go to the service provider overview page in Mein USP.
- Select your service provider.
- At the top right, select OIDC Secret neu erstellen to create a new secret.
Note that it can take up to 30 minutes for a newly created OIDC secret to become active.
Note that you will need to save this OIDC secret and use it later on to complete the service configuration in the Signicat Dashboard.
Activate your service provider version
Once your service provider version is fully configured in the Entwurf* (**Draft) state, follow these steps to validate and activate it for use in your environment.
- In the Mein USP portal, navigate to your service provider version and click Technische Prüfung starten (Start technical review). The ID Austria system will automatically check your settings.
- Await validation results. The system will update the status of your version based on the outcome of the technical review.
- On success: The version's status will change to Aktivierbar (Ready to activate), indicating it is valid and ready for activation.
- On failure: You will receive an error notification. You must correct the specified errors, and resubmit the version for review.
Approval timesReceiving approval for your use case varies depending on the environment you use:
- Test system (REF): Use case approval within one hour.
- Production system: Use case approval requires an accreditation process by the Austrian Government and may take up to 4 weeks.
Note that applying changes to an existing service provider may require further accreditation if the changes affect previously accredited data.
- Click the Aktivieren (Activate) button to make the version active.
Upon successful activation, your service provider version will be in the Aktiv (Active) state and ready to handle authentication requests.
Only one service provider version can be active at any given moment. Activating a new version will automatically deactivate any previously active version.
4. Configure the service in the Signicat Dashboard
To configure your service, you need the Client ID/Unique ID and the OIDC Secret of the service provider that you configured in ID Austria's IDA-SPR at Mein USP. Make sure you have these client credentials ready before you proceed.
- Go to Signicat Dashboard > Products > eID and Wallet Hub > eIDs
- Select + Add new.
- From the list of eIDs, select ID Austria.
- In the ID Austria configuration page, select Get URIs to open the service configuration.
- In the service configuration page, enter the following values:
- Name: A descriptive field for you to recognise this service.
- Client ID: This is the Unique ID of your service provider in the IDA-SPR portal.
- Client Secret: This is the OIDC Secret you generated in the IDA-SPR portal.
- Select Add to save the changes and activate ID Austria.
Now, you can verify that ID Austria is present in your eIDs list, with status set to Active. Here is how the steps look like in the Dashboard:
In the Signicat Dashboard, each service has a unique identifier code (UUID). This allows you to specify the service in your authentication request. If you leave the query parameter empty, the default service is used instead. You can set any service as the default one in the ID Austria configuration page in the Signicat Dashboard.
Adding more services
A service provider corresponds to a use case like age verification and onboarding. Therefore, you should separate your use cases accordingly and create as many service providers as you need.
To add a new use case, you need to repeat steps 2-4 on this page.
When you add a new service provider, remember to create a corresponding service in the Signicat Dashboard.
Test your configuration
After you've configured your services both in the Signicat Dashboard and ID Austria's Mein USP, you can run a preview authentication in a few clicks. To test your configuration, see the Try it out in the Signicat Dashboard section.
Next steps: Implement
After you have activated ID Austria, you are ready to implement your integration with an authentication protocol. This is when you create the logic to build authentication requests and handle user routing in your application. The eID and Wallet Hub supports the following authentication protocols:
You can build your integration with one of the protocols, by following the respective guide: