Initial preparations

Sign agreements and order certificates

Before you can start integrating with Signicat's implementation of Norwegian BankID in production, be aware of the following prerequisites.

Prerequisites

To obtain merchant credentials, you need to provide Signicat with the following details:

  • Your organisation contact information: Name, email and phone number.
  • Your organisation number (Norwegian, Swedish or Danish organisation number). If you do not have an organisation number, you must in any case be registered with a Norwegian bank, since only Norwegian banks issue Norwegian BankID certificates.
  • Contact information for the signer in your organisation: Name, email and phone number.
  • Contact information for those who are permitted to revoke/block the certificate: Name, email and phone number (up to 2).
  • The display name that you want in the Norwegian BankID client (for example your company name). This will be the name that the end-user sees when authenticating to your service.
  • The bank that should issue the certificate. It must be your main Norwegian bank.
  • If a national identity number is required, you need to provide legal proof or a documentation reference to a Norwegian law showing that you are eligible to retrieve it.

Signicat will fill in the rest of the needed information for the agreement.

Signer requirements

The signer must hold a Norwegian BankID, a Swedish BankID or a MitID, and must be allowed to sign according to the Brønnøysund Register Centre and the Certificate of Incorporation. If not, there should be a power of attorney.

Order certificates

Merchant certificate

Before you can integrate with Norwegian BankID in production, you must obtain a merchant certificate (BrukerstedsBankID) from Norwegian BankID. A merchant certificate is a business certificate that can represent an organisation. A business certificate is intended to ensure communication and identification to and from organisations. The certificate does not hold any personal information.

A merchant certificate will be generated and stored in the Norwegian BankID infrastructure. It is Norwegian BankID that manages the merchant certificate for you.

User certificate types

User certificates are “Banklagret”, which means that they are stored centrally in the Norwegian BankID infrastructure. A “Banklagret” BankID can be used from any computer. PersonBankID is defined by Norwegian BankID as a type of client certificate. It is a personal BankID which can be used both for authentication and signature.

Sign an agreement with Signicat

Signicat presents an offer and information about the steps you must follow to have a fully functional eID solution running through Signicat. To get help with this, please contact Signicat.

You will sign the agreement electronically.

Installation

Normally, an onboarding manager will have the role of technical responsible in the Norwegian BankID agreement. This person will receive instructions from the bank or Norwegian BankID on how to connect to Norwegian BankID. When the necessary details are received, they will be installed on your account in Signicat's system and made available to you from your unique customer-specific configuration. When the configuration is set up in test, you may verify your merchant certificate by sending calls to the Norwegian BankID authentication or signature service, using test users.

Credentials

Sandbox credentials

These will usually be Signicat's test credentials for use in Signicat's test environments. They may only be used to authenticate test users (not real live persons).

Production credentials

Credentials for production represent your business in the Norwegian BankID and Signicat production environments. A certificate will be issued by your bank and stored in the Norwegian BankID infrastructure. It may only be used to authenticate real live persons (not test users).

Initial setup in Dashboard

Once you have received the needed access to the BankID service, you can add a production account, connect a domain to the account and add Norwegian BankID to the Dashboard.

Create a production account

To create the production account from the Signicat Dashboard:

  1. Click the name of your organisation at the top left of the screen and then select Manage.
  2. Under Organisation management, click Add Account.
  3. Enter the name of your account under Account Name.
  4. Tick the Production account type.
  5. Click Create to create the new account.

Set up domain

When you have created a production account, you can add a domain to this account.

  1. In the Signicat Dashboard, go to Account management > Domain management. If you are a member of multiple accounts, make sure you are in the correct account by checking the account name in the top left of the screen.
  2. Click Add domain.
  3. To add a standard (Signicat) domain, enter the name of your subdomain in the Domain name field.
  4. Click Add domain to create the new domain.

For more setup options, see Add a domain in the Dashboard setup section.

Add Norwegian BankID to the Dashboard

  1. In the Dashboard, navigate to eID Hub > ID Methods.
  2. To enable the ID method, click Add new in the top right.
  3. Choose the ID method from the list. Then, click Save.
  4. Now you can see the ID method listed and enabled with status "Active" in the ID methods list.

Select a protocol

To establish a connection between Signicat's Norwegian BankID implementation and your application, you need to use a standard authentication protocol.

Supported protocols

Signicat supports the standard OIDC and SAML 2.0 protocols. In addition, we offer the Signicat Authentication REST API.

The choice of protocol depends on what you prefer and what you want to achieve. The Authentication REST API gives you a lot of flexibility and is easy to set up. Between the other two, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is an industry standard, and you do not need to manage user sessions on your own (as you do with the Authentication REST API).

For more information about the different protocol types, see the Signicat eID Hub documentation.

Next steps

Continue the integration with your chosen authentication protocol: