About itsme®
How it works
itsme® allows to securely identify end-users digitally with validated attributes.
Through Signicat, you can implement itsme® in your application and provide your end-users with the possibility to identify and/or authenticate themselves through their trusted bank environment.
Itsme® uses multi-factor authentication and each itsme® action requires consent from the end-user. These features allow the end-user to decide what data to share and with whom.
Geographic coverage
itsme® is an eIDAS-notified identity provider in Belgium. Although the scheme originated in Belgium, it is now available in the following countries:
- Belgium
- Estonia
- France
- Ireland
- Italy
- Luxembourg
- Portugal
- The Netherlands
itsme® has millions of users in the Belgium market. In other countries, adoption of itsme® is limited but increasing steadily.
For an overview of countries and ID documents supported by itsme®, visit the official coverage page at https://www.itsme-id.com/en-BE/coverage.
Process flow
The following steps represent an example of an itsme® flow:
- The end-user visits your website and proceeds to onboard/authenticate through itsme®.
- Your backend sends a request to the Signicat platform to trigger an itsme® process for the end-user.
- The end-user is redirected to itsme® where they must provide their mobile phone number in the itsme® UI. On a mobile device, end-users view directly the itsme® app without the need to provide their mobile number.
- In the itsme® mobile app, the end-user must consent to sharing their data. After consenting, the end-user is redirected back to your website.
- Signicat then retrieves a confirmation of a successful transaction and returns the attributes to you.
The following video shows an example of an identity verification flow with itsme®:
itsme demo
Note that itsme® offers separate services to address different digital use cases. This means that for each itsme® service:
- The end-user follows a distinct UX flow.
- You need to tailor your request to Signicat.
- The end-user data you can receive in return varies per itsme® service.
itsme® services
The itsme® scheme supports different use cases, designed to address different identity verification scenarios.
Signicat supports the following itsme® services:
- Authentication: to authenticate recurring end-users. Use this to log in end-users securely to your application.
- Identification: to identify, onboard end-users, access their verified data and/or sign documents with Advanced Electronic Signature (AES).
- Signing: to sign documents electronically with Qualified Electronic Signature (QES) (advanced configuration on request).
You can control which service process to trigger for your end-users by using scopes and parameters in your integration. You can specify scopes in the authorisation request of an authentication protocol. Find out how in the Attributes reference documentation.
Note that each service leads to a separate UX flow for the end-user and involves different personal information.
Level of Assurance (LoA)
The European Union officially recognised itsme® as a reliable means of identification at a high Level of Assurance.
When you connect to itsme® through Signicat, you always receive a response with LoA high.
User data
The itsme® Identification service provides the following user information (note that other itsme® services return less information):
- First name(s)
- Family name
- Sex
- Date of birth
- Email address*
- Phone number
- (Legal) address*
- Postal code*
- City*
- Country*
- Locale*
To access additional data attributes, you must request them during onboarding. For example, retrieving the Belgian national identification number of an end-user is subject to legal restrictions that requires you to justify the purpose. Additional attributes you may request are:
- Place of birth
- eID card number (the eID card serial number)
- National identification number (in Belgium: "Rijksregisternummer")
- Nationality*
- Issuance locality*
- Validity of the eID card*
- eID picture* (portrait picture of the cardholder)
* itsme® does not guarantee the availability of these attributes for all end-users.
Data availability varies depending on the type of account you are using.
- In a sandbox account, you can test your integration with all available attributes.
- In a production account, certain attributes may be restricted by GDPR regulations or subject to specific legislation. In such cases, you must apply for additional authorisation.
For additional information, contact us.
Subject ID
The itsme® Authentication service only returns a unique ID (subject ID) for a specific end-user. To verify an end-user across recurring authentications, you should match the unique ID of the end-user with the ID obtained in a previous itsme® identity verification process. This way, you use the subject ID as a means to log in end-users returning to your application.
For an overview of all attributes and claims for each itsme® service, read the Attributes reference documentation.
The national identity number (NIN) is only available for end-users with a document issued by the Belgian government.
itsme® does not return NIN for end-users of other countries. However, you can access document information, such as document number, expiration date and document type.
External links
Here is a list of useful references itsme® concepts: