About itsme®

Page contents

• How it works
• Geographic coverage
• Process flow
• itsme® services
• Level of Assurance (LoA)
• User data
  • Subject ID
• External links
• Next steps

How it works

itsme® allows to securely identify end-users digitally with validated attributes.

Through Signicat, you can implement itsme® in your application and provide your end-users with the possibility to identify and/or authenticate themselves through their trusted bank environment.

Itsme® uses multi-factor authentication and each itsme® action requires consent from the end-user. These features allow the end-user to decide what data to share and with whom.

Geographic coverage

itsme® is an eIDAS-notified identity provider in Belgium. Although the scheme originated in Belgium, it is now available in the following countries:

• Belgium
• Estonia
• France
• Ireland
• Italy
• Luxembourg
• Portugal
• The Netherlands

itsme® has millions of users in the Belgium market. In other countries, adoption of itsme® is limited but increasing steadily.

For an overview of countries and ID documents supported by itsme®, visit the official coverage page at https://www.itsme-id.com/en-BE/coverage (opens new window).

Process flow

The following steps represent an example of an itsme® flow:

• The end-user visits your website and proceeds to onboard/authenticate through itsme®.
• Your backend sends a request to the Signicat platform to trigger an itsme® process for the end-user.
• The end-user is redirected to itsme® where they must provide their mobile phone number in the itsme® UI. On a mobile device, end-users view directly the itsme® app without the need to provide their mobile number.
• In the itsme® mobile app, the end-user must consent to sharing their data. After consenting, the end-user is redirected back to your website.
• Signicat then retrieves a confirmation of a successful transaction and returns the attributes to you.

The following video shows an example of an identity verification flow with itsme®:

Note that itsme® offers separate services to address different digital use cases. This means that for each itsme® service:

• The end-user follows a distinct UX flow.
• You need to tailor your request to Signicat.
• The end-user data you can receive in return varies per itsme® service.

itsme® services

The itsme® scheme supports different use cases, designed to address different identity verification scenarios.

Signicat supports the following itsme® services:

• Authentication: to authenticate recurring end-users. Use this to log in end-users securely to your application.
• Identification: to identify, onboard end-users, access their verified data and/or sign documents with Advanced Electronic Signature (AES).
• Signing: to sign documents electronically with Qualified Electronic Signature (QES) (advanced configuration on request).

You can control which service process to trigger for your end-users by using scopes and parameters in your integration. You can specify scopes in the authorisation request of an authentication protocol. Find out how in the Attributes reference documentation.

Note that each service leads to a separate UX flow for the end-user and involves different personal information.

Level of Assurance (LoA)

The European Union officially recognised itsme® as a reliable means of identification at a high Level of Assurance.

When you connect to itsme® through Signicat, you always receive a response with LoA high.

User data

The itsme® Identification service provides the following user information (note that other services return less information):

• First name(s)
• Family name
• Sex
• Date of birth
• Email address*
• Phone number
• (Legal) address*
• Postal code*
• City*
• Country*
• Locale*

Enabling additional data attributes on the service can be agreed on during onboarding. National identification number in Belgium is only available if legally justified. Additional data includes:

• Place of birth
• eID card number (the eID card serial number)
• National identification number (in Belgium: "Rijksregisternummer")
• Nationality*
• Issuance locality*
• Validity of the eID card*
• eID picture* (portrait picture of the cardholder)

*Note that itsme® does not guarantee the availability of these attributes for all end-users.

Subject ID

The itsme® Authentication service only returns a unique ID (subject ID) for a specific end-user. To verify an end-user across recurring authentications, you should match the unique ID of the end-user with the ID obtained in a previous itsme® identity verification process. This way, you use the subject ID as a means to log in end-users returning to your application.

For an overview of all attributes and claims for each itsme® service, read the Attributes reference documentation.

National identity number (NIN)

The national identity number (NIN) is only available for end-users with a document issued by the Belgian government.

itsme® does not return NIN for end-users of other countries. However, you can access document information, such as document number, expiration date and document type.

External links

Here is a list of useful references itsme® concepts:

• Information about itsme (opens new window)
• itsme® document repository (opens new window)
• itsme® branding guidelines (opens new window)

Next steps

Integration guide

Follow step-by-step guides to connect to itsme

Attributes reference

Attributes and response examples per protocol