E-Ident

Get started
Step 1
Step 2
Step 3
Overview
OpenID Connect
SAML
Service access
Operational information
User experience
eIDs
Test users
BankID (NO)
BankID (SE)
BankID on mobile (NO)
Buypass (NO)
Finnish Bank ID
Finnish Trust Network
MitID (DK)
Mobiilivarmenne (FI)
Mobile-ID
Nets ID Verifier
Nets ID Verifier SDK
Smart-ID
Verimi
Belgian eID
Error codes
Release notes
Contact us

Mobile-ID

​​Mobile-ID is a SIM card based digital identification document which is always with you when you have your mobile phone. The eID is available in Estonia and Lithuania.

Enable Mobile-ID in your services

To get you started with Mobile-ID identification through E-Ident, you will need an agreement with Nets.  Other configuration settings are supplied in the setup dialogue with support.

More information about Mobile-ID:

Information about the end user

​Type​OIDC​SAML​Comments
​Birth date

​birthdate

Requires: scope=profile

 ​DOB​End user's birth date.
​Country
c
Requires: scope=cert
 ​C
​The country from end user's certificate.
​End user certificate

certificate

Requires: scope=cert

CERTIFICATE​End user's Mobile-ID certificate. 
​Certificate policy OID
certpolicyoid
Requires: scope=cert
CERTPOLICYOID
​The certificate policy OID connected to the end user's certificate.
​Common name
 ​cn
Requires: scope=cert
 ​CN
​The common name from end user's certificate.
​Distinguished name

dn

Requires: scope=cert

DN​Distinguished name from end user's certificate. 
Family name

family_name

Requires: scope=profile

 ​SURNAME​End user's surname.
​Given name

​given_name

Requires: scope=profile

 ​GIVENNAME​End user's first/given name.
Identifier​

mobileid_pid / pid
 ​MOBILEID_PID
​Unique identifier of user in the E-Ident service.
​Level of Assurance
​acr
ACR
Only for Estonia-
Accepts acr_values as urn:eident:acrp:level:high or urn:eident:acrp:level:substantial or urn:eident:acrp:level:low
Always returns- 
urn:eident:cert:eidas:high​
​Full name

​name

Requires: scope=profile

 ​FULLNAME​End user's full name.
​Social security number
 ​ssn
Requires: scope=ssn
 ​SSN

​End user's social security number. 
Country issuing the SSN
 ​ssn_issuing_country
Requires: scope=ssn
 ​SSN_ISSUING_COUNTRY
​The country connected to the end user's SSN. 

Handling of SSN

The social security number (SSN) of an end user will be returned if the SSN scope is set (OIDC) or the returnssn parameter is set to true. The SSN is returned as the ssn claim/attribute and the ssn issuing country is returned in the ssn_issuing_country claim/attribute.

Note: The SSN is also indirectly returned if you request the scope=cert as the ssn can be deducted from the result.

User experience

Step 1 (enter national identity number and phone number)

Step 1 - 1.PNG

Step 2 (verify control code and enter pin on mobile phone)

Step 2.PNG

User display text

A text will be displayed to the user on his/her mobile phone during identification. The text can be set using the transactiontext and the mobileid_display_text_format parameters on the identification request. The mobileid_display_text_format may be one of:

  • GSM-7 (default if not set)
  • UCS-2 

For GSM-7, the max lenght of the transactiontext parameter is 40 characters, while UCS-2 allows for 20 characters (including Cyrillic characters ÕŠŽ šžõ and ĄČĘĖĮŠŲŪŽ ąčęėįšųūž). 

Mobile-ID logo

If needed, the Mobile-ID logo can be downloaded from here.