Developer Pages

# About Norwegian BankID

This is a high-level description about Norwegian BankID for readers that are unfamiliar with how Norwegian BankID works.

Norwegian BankID changes

Norwegian BankID is currently implementing changes to its BankID solution. The main changes are that they are moving towards a more app-based solution and that they offer a new product type, BankID Biometric. BankID Biometric provides a simpler user experience at the cost of a lower level of assurance (substantial).

# Use cases

If you are not familiar with how Norwegian BankID is used, here are some typical use cases:

  • Identity proofing: To become a customer of a bank, you have to register as a user for the first time. To prove your identity, you can choose to use Norwegian BankID, among others, as an ID method.

  • Authentication: As a registered customer with a bank, you will be able to apply for a loan. To be able to log in to your bank, you have to authenticate to prove your identity. Norwegian BankID can be used for authentication, the same way it can be used for registering as a new customer.

  • Signing: You can use Norwegian BankID to electronically sign one or more documents, for example a loan application in a bank.

The same service is used for these use cases. However, the ID method can be configured with different flows. For example, onboarding a new customer is a one-time occurrence, while authentication is a repetitive action for the customer. You may set up a simpler user flow for recurring authentications. The level of assurance that is required depends on the services you offer.

# Level of assurance

The eIDAS Regulation (opens new window) has established three assurance levels for electronic identification, namely "low", "substantial" and "high", where "high" is the highest level of assurance. The LoA levels in the below table is self-proclaimed by Norwegian BankID. Thus, if you need more information about the level of assurance used by Norwegian BankID, please contact Norwegian BankID. (opens new window)

A lower level of assurance results in the user not being able to perform certain actions which require a higher level of assurance. Scenarios where the user will need a higher level of assurance can be:

  • When providing health information or similar person-sensitive information.
  • When onboarding users (KYC).

# Norwegian BankID's product types

Here is an overview of the product types that Norwegian BankID offers:

Name Description Level of Assurance
BankID High Allows end-users identify themselves with the highest identity assurance level. High
BankID Biometric Allows end-users to identify themselves with biometrics (face, fingerprint, PIN). It requires the BankID app installed on a mobile device. Substantial
BankID on Mobile Allows end-users to identify themselves using a mobile instead of a code device.
Note: BankID on Mobile will be phased out by Norwegian BankID in September 2024.		 High

# BankID app

End-users can use the BankID app as an authenticator instead of code devices and BankID OTP (one-time password). The app can be used with both BankID High and BankID Biometric (mandatory). The users can download the Norwegian BankID app for free from App Store or Google Play Store. Once installed, the user activates the app by following the instructions in the app.

Screen example (click the arrow)

BankID app click-to-zoom

This app includes ID verification by reading ID cards and passports. This will be useful when the Norwegian AML regulation is changed to allow users onboarding remotely.

# BankID High

When a user tries to authenticate with BankID High, they must first enter their national identity number ("Fødselsnummer"). Then they are prompted to confirm their login with some authenticator options (BankID with app, BankID with code device or BankID on Mobile), followed by entering a password.

Here is a user flow screen example:

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

# BankID Biometric

BankID Biometric allows users to identify themselves with the use of biometrics. It provides a simpler user experience than BankID High and BankID on Mobile at the cost of a lower level of assurance, substantial.

When a user tries to authenticate with BankID Biometric, they must first enter their national identity number ("Fødselsnummer"). They are then prompted to confirm/continue their login on their BankID app on their mobile device, and are asked to authenticate with one of the following biometrics (depending on how their mobile device is configured):

  • Face recognition
  • Fingerprint
  • PIN

Here is a user flow screen example from an iPhone:

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

In the above example, you will not see the last biometrics step as it is not allowed to capture iPhone's FaceID.

# BankID on Mobile

When a user tries to authenticate with BankID on Mobile, they must first enter their phone number and date of birth, followed by a personal PIN code on their mobile device.

Important:

Be aware that BankID on Mobile will be phased out by Norwegian BankID in September 2024.

# Result with user information

The user information available after a successful authentication may differ slightly between different issuers. Important parameters are:

  • National identity number (fødselsnummer)
  • Name
  • Birth date
  • Valid from
  • Valid to
  • Issued by
  • PID, unique ID specific to Norwegian BankID

For more details about available user information, see the Attributes reference.

Last updated: 11/04/2024 07:47 UTC

Demo