# Setup of Swedish BankID
Integration with BankID is done similarly to Signicat's other ID methods. This page describes the specifics for setting up BankID. For more general information on how to integrate with Signicat's protocols, see the Authentication quick start guide.
# Initial preparations
The setup descriptions below assume you have completed the following initial preparations:
- Sign up to the Signicat Dashboard.
- In the Signicat Dashboard, set up an organisation, an account and a domain.
We recommend that you create a Sandbox account to test our services before implementing them in production.
# Add BankID in the Dashboard
Sign an agreement
You do not need any agreement to add BankID with a Sandbox account. However, before you can start integrating in production, you need to configure BankID access with an onboarding manager. To get help with this, follow the steps in Sign agreements and order certificate or contact us.
To add BankID to the list of supported ID methods:
- In the Signicat Dashboard, go to Authentication > ID Methods.
- Click Add new.
- Choose Swedish BankID in the list and click Save.
You can now continue with selecting a protocol and configuring the ID method.
# Select protocol and configure
This section describes how you select and set up different BankID integrations. You can choose between the following protocols:
- OIDC
- SAML 2.0
- Authentication REST API: This API provides either a redirect or a headless flow. See the general documentation for a concept description of the available flows.
The choice of protocol depends on what you prefer and what you want to achieve. The Signicat Authentication REST API gives you a lot of flexibility and enables options such as headless flow in addition to redirect. Between the other two, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is an industry standard, and you do not need to manage user sessions on your own (as you do with the Authentication REST API).
You can find more information about the different types in the general section, Authentication protocols.
# Define intention text
You may add an intention text on the IDENTIFICATION screen of the BankID app to underline the purpose of the authentication for the end-user.
Your intention text will always be prefixed with "My intent", as shown in the following example, where the intention text is set to `Log into my online banking account`:
You may also add security-related information (see a screen example in the next section).
Do not use the text space for marketing or sales
Swedish BankID does not allow this text space to be used for anything other than the intention of the identification and security-related information.
You can define the intention text in two ways:
# Add intention text in the Dashboard
- Open the Swedish BankID configuration page in the Dashboard.
- Add your intention text in the Intention text input field.
If the intention text is long and needs a scrollbar, the end-user must scroll to the bottom before they can proceed.
- Optionally, you may add formatting to the text in simple markdown format (simpleMarkdownV1). This allows you to add headings, bullets and more (for details, see Swedish BankID's guide). Here is an example text in markdown format:

```
Log into my online banking account

### Security note
Remember, we will never contact you directly by telephone, email or SMS to verify your identity and will never ask you to provide your passwords or codes.

If anyone contacts you directly about this, please contact us by telephone or mail:

+ 111 11 111
+ email@example.com
```

This would look as follows:
- If the intention text contains formatting, choose simpleMarkdownV1 from the Intention text format drop-down menu.
# Add intention text using prefilling
You may also add intention text per transaction by using prefilling of the two additional parameters,
Notes about prefilling
- You cannot mix prefilled and configured (in the Dashboard) values. Prefilling will override the intention text you have defined in the Dashboard (see the above section).
- The additional parameters must be trusted. The Authentication REST API makes this easy, since it always provides trusted parameters. For OIDC, you must use signed authorisation requests (see the general Authentication documentation on how to do this).
To add the intention text in your integration code:
- Create your intention text. You may format the intention text using simple markdown format (see the above example).
- Encode the text into UTF-8 Base64 format. The maximum length of the Base64 encoded string is 1500 characters.
- Include the Base64 encoded intention text in your request. For protocol-specific setup and examples, see the separate Authentication REST API and OIDC sections.
- You can verify that the text looks as expected by testing a transaction in the Sandbox environment.
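
The encoding step and its 1500-character limit, as an added example (not Signicat's code): the function names are hypothetical, and the standard Base64 alphabet with padding and the NFC normalisation are assumptions, not requirements stated on this page. It shows that the limit is a byte budget (1125 UTF-8 bytes), so non-ASCII characters such as "å" count for more than one.

```python
import base64
import unicodedata

MAX_B64_CHARS = 1500  # limit stated on this page for the Base64 string
# Base64 maps 3 bytes to 4 characters, so 1500 characters hold 1125 bytes.
MAX_UTF8_BYTES = MAX_B64_CHARS // 4 * 3


def encode_intention_text(text: str) -> str:
    """Return the Base64 form of `text`, or raise ValueError if it is too long."""
    # Assumption: NFC keeps characters such as "å" as one code point
    # (2 UTF-8 bytes instead of 3 for "a" + combining ring).
    raw = unicodedata.normalize("NFC", text).encode("utf-8")
    # Assumption: standard Base64 alphabet with "=" padding.
    encoded = base64.b64encode(raw).decode("ascii")
    if len(encoded) > MAX_B64_CHARS:
        raise ValueError(
            f"intention text is {len(raw)} UTF-8 bytes ({len(encoded)} Base64 "
            f"characters); the limit is {MAX_B64_CHARS} characters, "
            f"i.e. {MAX_UTF8_BYTES} bytes"
        )
    return encoded


def decode_intention_text(encoded: str) -> str:
    """Strictly decode a value, e.g. to review what a request will display."""
    if len(encoded) > MAX_B64_CHARS:
        raise ValueError("encoded intention text exceeds the length limit")
    # validate=True rejects characters outside the Base64 alphabet instead of
    # silently skipping them; strict UTF-8 decoding rejects malformed bytes.
    return base64.b64decode(encoded, validate=True).decode("utf-8")


# Constructed sample text in simple markdown format (not from Signicat).
SAMPLE = (
    "Logga in p\u00e5 min internetbank\n"
    "\n"
    "### Security note\n"
    "We will never ask you for your passwords or codes.\n"
)

if __name__ == "__main__":
    value = encode_intention_text(SAMPLE)
    print(len(SAMPLE), "characters ->", len(value), "Base64 characters")
    print(decode_intention_text(value) == SAMPLE)
```
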
You can set your own theme with logo and colours in the Dashboard. For more details, see Account theming.