For the complete documentation index, see llms.txt

Get started with the integration

Have you tried it out in sandbox?

We recommend that you test our services with your sandbox account before implementing them in production.

Initial preparations

Before you can start integrating with Smart-ID, you need to complete the preparatory steps to register with Signicat and receive access to Smart-ID.

1. Sign up to the Signicat Dashboard

If you do not have an account already, then you need to sign up to the Signicat Dashboard for free and complete the initial preparations. To do this:

1. Sign up to the Signicat Dashboard and register your profile.
2. Ensure that you have created an organisation.

Account types

We recommend that you create a sandbox account to test our services before going live. Sandbox and production accounts must be set up separately.

2. Access to Smart-ID

Before you can create a production account, you need to configure Smart-ID access with an onboarding manager. To get help with this, please contact us.

3. Define the service provider name

For the complete documentation index, see llms.txt

When enabling access, your onboarding manager will ask you what service provider name you prefer to be displayed for your end-users in the login screens. Signicat will send this to SK ID solutions and let you know when this name is approved. This name will be the same for both Smart-ID and Mobiil-ID.

4. Create a production account in the Dashboard

Once you have received the needed permissions, you can create the account from the Signicat Dashboard:

For the complete documentation index, see llms.txt

1. Go to Signicat Dashboard > Organisation management.
2. Click Add Account.
3. Enter the name of your account under Account Name.
4. Tick the Production account type.
5. Click Create to create the new account.

5. Create a domain

To connect to an eID you need to create a domain in the Signicat Dashboard. To do this:

1. Go to Signicat Dashboard > Settings > Domains, then select + Add domain.
2. To create a standard domain, enter a domain name. Then, select Add domain.
3. To create a custom domain, follow the instructions in the Custom domains documentation.

Certificate information

There are no certificate exchanges needed to use Smart-ID.

Add eID to the Dashboard

For the complete documentation index, see llms.txt

1. In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > eIDs.
2. Click + Add new in the top right.
3. Choose the eID from the list. Then, fill in any required configuration and click Add.
4. Now, review that the eID is available and displayed as "Active" in the eIDs page.

Select protocol

To establish a connection between Signicat Smart-ID and your application, you need to use a standard authentication protocol.

For the complete documentation index, see llms.txt

Supported authentication protocols

Signicat supports the standard OpenID Connect (OIDC) and SAML 2.0 protocols. In addition, we offer our bespoke Signicat Authentication REST API.

The protocol you choose depends on your goals and preferences. The Authentication REST API provides flexibility and an easy setup. Otherwise, we recommend OIDC, since SAML 2.0 is much more complex to implement and usually requires a federation agent. OIDC is an industry standard with managed user sessions, unlike the Authentication REST API.

To learn more about these authentication protocols, see the Signicat eID and Wallet Hub documentation.

Set up the protocol

To learn how to set up an integration with an authentication protocol, make a selection using the buttons below:

Quick start guide

Get started with the eID and Wallet Hub in minutes

Set up an OIDC client

Set up an OIDC client before you start the integration

Set up a SAML connection

Exchange metadata to set up a SAML connection with Signicat.

For more information about the different protocol types, see the Signicat eID and Wallet Hub documentation.

Country selection

By default, end-users are prompted to select their country when authenticating with Smart-ID. To bypass this selection screen and route the authentication request directly to a specific country provider, use the dokobit_idp optional parameter.

Country codes

To learn about how you can define the country selection in your authentication request, choose the appropriate authentication protocol tab below:

OpenID Connect

To pre-define the country to use for authentications with OIDC, you can specify the country code in the acr_values parameter by passing the dokobit_idp parameter in the ACR values.

For example, you can route your end-users authenticating in Estonia (ee) with the following snippet:

acr_values=dokobit_idp:ee

Example request

https://<YOUR_SIGNICAT_DOMAIN>/auth/open/connect/authorize?
  &client_id=<OIDC_CLIENT_ID>
  &response_type=<GRANT_TYPE_CODE>
  &redirect_uri=<REDIRECT_URI>
  &scope=openid%20profile%20idp-id%20nin
  &state=<STATE>
  &code_challenge=ABC123
  &code_challenge_method=S256
  &acr_values=idp:sk-smartid%20dokobit_idp:ee

To learn more about acr_values, see the acr_values documentation.

Try it out

To run a test authentication with Smart-ID, select the guide for the respective authentication protocol:

• Test connections with OIDC.
• Test connections with REST API.

Testing your connection

We recommend you test your integration with Smart-ID after you create a connection with an authentication protocol.

Data and attributes

You can specify the users' personal information to obtain in an authentication session by using attributes in your request. Learn more about the attributes supported in the Attributes reference page.