Developer Pages

# About Norwegian BankID

This is a high-level description about BankID for readers that are unfamiliar with how BankID works.

BankID changes

BankID is currently implementing changes to their BankID solution. The main changes are that they are moving towards a more app-based solution and that they offer a new BankID product type, BankID Biometric. BankID Biometric provides a simpler user experience at the cost of a lower level of assurance (substantial).

# BankID's product types

Here is an overview of the product types that BankID offers (with links to Signicat's implementation of them):

Name Description Level of Assurance
BankID High This is a rebrand of the regular BankID. High
BankID Biometric This new product allows end-users to identify themselves with biometrics. It requires the BankID app installed on a mobile device. Substantial
BankID on Mobile This is the same product as before.
Note: BankID on Mobile will gradually be phased out by BankID. It's expected to live until 2024.		 High

Level of assurance

The eIDAS Regulation (opens new window) has established three assurance levels for electronic identification, namely "low", "substantial" and "high", where "high" is the highest level of assurance. The LoA levels in the above table is self-proclaimed by Norwegian BankID. Thus, if you need more information about the level of assurance used by BankID, please contact BankID. (opens new window)

A lower level of assurance results in the user not being able to perform certain actions which require a higher level of assurance. Scenarios where the user will need a higher level of assurance can be:

  • When providing health information or similar person-sensitive information.
  • When onboarding users (KYC).

# BankID app

End-users can use the BankID app as an authenticator instead of code devices and BankID OTP (one-time password). The app can be used with both BankID High and BankID Biometric (mandatory). The users can download the BankID app for free from App Store or Google Play Store. Once installed, the user activates the app by following the instructions in the app.

Screen example (click the arrow)

BankID app click-to-zoom

This app includes ID verification by reading ID cards and passports. This will be useful when the Norwegian AML regulation is changed to allow users onboarding remotely.

# BankID High (BID)

When a user tries to authenticate with BankID High, they must first enter their national identity number ("Fødselsnummer"). Then they are prompted to confirm their login with some authenticator options (BankID with app, BankID with code device or BankID on Mobile), followed by entering a password.

Here is a user flow screen example:

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

# Setup

The BankID High flow is selected by passing acr_values=nbid_idp:BID (BID=BankID High). For more technical details, see Setup of BankID.

# BankID Biometric (BIS)

BankID Biometric allows users to identify themselves with the use of biometrics. It provides a simpler user experience than BankID High and BankID on Mobile at the cost of a lower level of assurance, substantial.

When a user tries to authenticate with BankID Biometric, they must first enter their national identity number ("Fødselsnummer"). They are then prompted to confirm/continue their login on their BankID app on their mobile device, and are asked to authenticate with one of the following biometrics (depending on how their mobile device is configured):

  • Face recognition
  • Fingerprint
  • PIN

Here is a user flow screen example from an iPhone:

Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide
Slideshow slide

In the above example, you will not see the last biometrics step as is is not allowed to capture iPhone's FaceID.

# Setup

Since BankID Biometric is only available on mobile devices, it needs to be prefilled explicitly in the acr_values parameter, acr_values=nbid_idp:BIS (BIS=BankID Biometric).

For more technical details, see Setup of BankID.

# BankID on Mobile (BIM)

When a user tries to authenticate with BankID on Mobile, they must first enter their phone number and date of birth, followed by a personal PIN code on their mobile device.

Important:

Be aware that BankID on Mobile will gradually be phased out by BankID, starting in 2022. It's expected to live until 2024.

# Setup

The BankID on Mobile flow is selected by passing acr_values=nbid_idp:BIM (BIM=BankID on Mobile).

For more technical details, see Setup of BankID.

Last updated: 10/10/2023 10:56 UTC

Use cases