Signicat Enterprise Auth
Electronic Identity Authentication
Let your customers onboard in a secure and convenient manner, without compromising on user experience and regulatory compliance, and offer a smooth customer journey, all at once.
Signicat, being the most comprehensive eID hub in the world, offers integration to 30+ electronic eID schemes, all accessible through a single API.
Access to over 30 electronic identity schemes
Integrating with Signicat gives you access to the largest eID hub in Europe through a single point of integration. The flexibility and the range of authentication methods delivered by Signicat allow you to tailor the security of your authentication processes to your business needs, balancing bet...
Point and click integration from Auth0 platform to Signicat's digital identity platform.
Familiar authentication methods trusted by users
Increase conversion through standardized and trusted authentication methods.
Auth0 Integration Guide (OIDC)
This integration guide explains, from a technical perspective, how Signicat’s eIDs can be used in combination with Auth0. Auth0 provides an Identity Access Management (IAM) platform that helps companies manage and secure user authentication into applications, while Signicat provides an identity hub with many eIDs, suitable for the onboarding of new users and authentication for recurring users. A full list of all available eIDs is available at the Authentication Overview.
When using both platforms, synergy is achieved through the simplicity of technically linking both services. This means that Auth0 customers can easily add Signicat services through configurational activities, rather than spending time & effort on development capacity. This integration guide will further detail how Signicat services can be added through OpenID Connect (OIDC).
Signicat supports an identity hub that is able to provide many different eIDs over a single OIDC integration. This allows you to easily add any eID to your own application in your Auth0 tenant. Currently Signicat only supports Service Provider (SP)-initiated authentication flows. Since many different eIDs require specific configurations, the generic eID hub allows for the usage of login hints during the authorization flow. More information about these login hints can be found at OIDC section.
The first step in the integration guide is to make sure you have both accounts set up correctly, which is a requirement before starting to configure any Application or Identity Provider.
In order to add Signicat’s eIDs through Auth0, you will need access to your own Auth0 tenant. In case you don’t have an Auth0 tenant yet, go to auth0.com/signup and request an account. After registration Auth0 will provide you with an admin dashboard, which is required in Step 2.
When adding Signicat’s eIDs in the Auth0 dashboard, you’ll need to have OIDC client credentials (Client ID & Client Secret). Signicat has an open sandbox / demo environment that can be used without account registration. These sandbox client credentials can be found at the demo service. In case you’d like to request your own client credentials, you can sign up.
Once you have access to the Auth0 admin dashboard and you have the Signicat client credentials for the OIDC connection, you’re ready to proceed with ‘Step 2 – Add Signicat OIDC Application’ and add Signicat’s eIDs to the Auth0 tenant.
This section aims to provide a full overview of all the configurational activities which are required to connect Signicat eIDs as Identity Providers through your Auth0 tenant.
Step 1 - Add Signicat OIDC Application
The purpose of this step is to add the Signicat OIDC application in the Auth0 tenant. This application will be required later in the process when adding Signicat eIDs as Identity Providers. The Signicat OIDC Application is available through the marketplace of Auth0.
Add Signicat OIDC Application
Navigate to "Applications" in the Auth0 dashboard and select Create Application.
The next step is to choose the application type you desire, provide the name of the application and click on 'Create'. In our case we've selected 'Single Page Web Application'. In this section you’ll be able to configure the properties of the application you've just created. In the Settings tab, you'll find the Client ID and Client Secret of the application, while on the Connections tab you're able to enable and disable connections that run over this application.
Furthermore, on the Settings tab you're able to define other configurations such as application logo and redirect URLs. Any redirect URL you would like to use through the OIDC flow should be configured in this section.
Note: Adding these redirect URIs here means they are added to the Signicat OIDC Application in Auth0. It’s also mandatory to add the exact same values for the redirect URIs to the Signicat platform. Please contact email@example.com to make sure the same redirect URIs are also added at Signicat side. Without adding the redirect URIs to both platforms, you’ll not be able to complete any end-to-end OIDC flow.
Step 2 - Add Signicat eIDs through OIDC
Once the Application has been set up correctly, it’s possible to start adding Signicat eIDs. In order to do so, navigate to the 'Authentication' tab in the Auth0 menu and click on 'Social' in the submenu. In this section you will find the overview of all configured Identity Providers (IdPs), and it's possible to create new connections.
In this case we're going to add a new Signicat eID. Therefore, click on "Create Connection". Under the 'New Social Connections' tab, search for "Create Custom" and select this option. This will allow you to configure a new custom IdP method through the Signicat platform. A new page will be opened to configure the new eID.
In order to configure the new eID, the following values need to be provided.
- Name. Name of this specific connection; you’re free to decide this.
- Authorization URL. This value should list the oidc/authorize URL that has been provided to you during the Signicat account setup at Step 1 and should be the URL that has to be invoked when triggering the eID on Signicat side. Please note that the acr_values in this URL are different for each eID. More information about the ‘Authorization URL’ can be found here.
- Token URL. This value should list the oidc/token endpoint that has been provided to you during the Signicat account setup at Step 1.
- Scopes. The scopes will determine which attributes are returned as output of the OIDC flow, but are of course dependent on the chosen eID method. Different eID methods return different values. Please always take this into consideration. Depending on the desired eID, you might need to include / remove other scopes. Please contact firstname.lastname@example.org in case you have specific questions about an eID.
- Client ID. This is the Client ID of the OIDC connection as set up by Signicat; this is provided at Step 1 of this guide.
- Client Secret. This is the Client Secret of the OIDC connection as set up by Signicat; this is provided at Step 1 of this guide.
- Fetch User Profile Script. The 'Fetch User Profile Script' can be used to provide custom attribute mapping from the data set of the IdP to the Auth0 profile. More information on this topic can be found here: Auth0 Social Connections.
Once all the values are provided, it’s time to save the settings on the new connection by clicking on “Create” at the bottom of the window. You can always go back into the configuration and make updates to the setup. In case you’d like to add multiple Identity Providers (meaning multiple eIDs), step 3 can be repeated for each of the applicable eIDs.
As mentioned earlier, differentiation between eIDs can be achieved by changing the acr_values in the ‘Authorization endpoint’.
Under "Settings" when adding the IdP, it’s possible to define specific configurations, such as JIT (Just-In-Time) provisioning of users, which applies when the IdP is used by a user and the user is not known in Auth0. To learn more about such configurations, please refer to the Auth0 documentation: Auth0 Social Connections.
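A pre-flight check for the values listed above and for the redirect URI note in Step 1, as an added example that is not part of Signicat's or Auth0's own tooling. The function name, the hostnames, the acr_values string and the redirect URIs are constructed placeholders, and the check assumes acr_values is carried as a query parameter of the Authorization URL.

```javascript
// Added example: pre-flight check of one custom connection's settings.
// Hostnames, the acr_values string and the redirect URIs are constructed placeholders.
const SAMPLE = {
  authorizationUrl: 'https://signicat.example/oidc/authorize?acr_values=urn%3Aexample%3Aeid-a',
  tokenUrl: 'https://signicat.example/oidc/token',
  redirectUris: ['https://app.example/callback'],
};

function checkConnection(conn, signicatRedirectUris) {
  const problems = [];

  // Parse an endpoint and require https plus the path named in the guide.
  const endpoint = (label, value, suffix) => {
    let url;
    try {
      url = new URL(value);
    } catch (e) {
      problems.push(label + ': not a valid absolute URL');
      return null;
    }
    if (url.protocol !== 'https:') problems.push(label + ': must use https');
    if (!url.pathname.endsWith(suffix)) problems.push(label + ': path should end in ' + suffix);
    return url;
  };

  const authz = endpoint('Authorization URL', conn.authorizationUrl, '/oidc/authorize');
  endpoint('Token URL', conn.tokenUrl, '/oidc/token');

  // Each connection selects its eID through acr_values, so exactly one must be present.
  if (authz) {
    const acr = authz.searchParams.getAll('acr_values');
    if (acr.length !== 1 || acr[0] === '') {
      problems.push('Authorization URL: expected exactly one non-empty acr_values');
    }
  }

  // Redirect URIs are compared as exact strings: a trailing slash or a
  // different case counts as a different URI.
  const registered = new Set(signicatRedirectUris);
  for (const uri of conn.redirectUris) {
    if (!registered.has(uri)) problems.push('Redirect URI not registered at Signicat: ' + uri);
  }
  return problems;
}
```

An empty result means the connection passes these checks; each string in the returned array names one setting to correct before using 'Try Connection'.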
Step 3 - Enabling Identity Providers & Attribute Mapping
Enabling Identity Providers
In case the Identity Provider has been set up correctly, the IdP can be simply enabled or disabled on the created Auth0 application through the admin dashboard. In order to enable / disable such IdPs, navigate to the Application section through the menu and select the applicable application. Navigate to the Connections tab within the application and you will find an overview of the configured IdPs. You can simply enable or disable IdPs on the Auth0 application by toggling each connection.
Each Signicat eID will deliver a different set of identity attributes. Auth0 therefore needs to understand which values will be provided by each specific eID, so that these values can be mapped to the Auth0 user profile. All of these mappings are defined in the ‘Fetch User Profile Script’ within the IdP configuration. More information on how these custom scripts work can be found in the Auth0 documentation: Auth0 Social Connections.
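A sketch of a 'Fetch User Profile Script' for the attribute mapping described here and in Step 2, as an added example that is not Signicat's or Auth0's own script. It assumes the eID returns standard OIDC claim names, that the `request` HTTP module from Auth0's script template is available, and that `USERINFO_URL` (a placeholder) is replaced with the userinfo endpoint Signicat provided; `mapClaims` is a hypothetical helper name.

```javascript
// Added example, not Signicat's or Auth0's own script.
// USERINFO_URL is a placeholder; use the userinfo endpoint Signicat gave you.
const USERINFO_URL = 'https://signicat.example/oidc/userinfo';

// Claims copied onto the Auth0 profile; anything else the eID returns is dropped.
// Assumes the eID returns these standard OIDC claim names.
const ALLOWED = ['name', 'given_name', 'family_name'];

function mapClaims(claims) {
  if (!claims || typeof claims.sub !== 'string' || claims.sub.trim() === '') {
    // Without a stable subject, distinct users could collapse into one Auth0 identity.
    throw new Error('userinfo response has no usable "sub" claim');
  }
  const profile = { user_id: claims.sub };
  for (const key of ALLOWED) {
    if (typeof claims[key] === 'string' && claims[key] !== '') profile[key] = claims[key];
  }
  if (typeof claims.email === 'string') {
    profile.email = claims.email;
    // Treat the address as verified only if the IdP explicitly says so.
    profile.email_verified = claims.email_verified === true;
  }
  return profile;
}

function fetchUserProfile(accessToken, context, callback) {
  // `request` is the HTTP module used by Auth0's script template (assumed available).
  request.get(
    { url: USERINFO_URL, headers: { Authorization: 'Bearer ' + accessToken } },
    (err, resp, body) => {
      if (err) return callback(err);
      if (resp.statusCode !== 200) {
        // Report the status only; the body may contain personal data.
        return callback(new Error('userinfo returned HTTP ' + resp.statusCode));
      }
      let profile;
      try {
        profile = mapClaims(JSON.parse(body));
      } catch (e) {
        return callback(e);
      }
      callback(null, profile);
    }
  );
}
```

Extend `ALLOWED` per connection to match what the chosen eID and scopes actually return; claims not on the list never reach the Auth0 profile.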
Step 4 - Testing
One of the last steps in the process is to test the configured flow. This can be achieved by either adding the OIDC flow to a frontend application or directly triggering the OIDC flow from within the Auth0 dashboard. In order to directly test the OIDC flow from the Auth0 dashboard, simply navigate to the corresponding social connection in the 'Authentication' tab in the menu and select the connection. At the top right, you will find the option to 'Try Connection', as illustrated below. You can use this option to directly verify if the configuration works.
After the OIDC flow has been completed, it’s good practice to see if the user has been onboarded successfully. This can be either reviewed in the Auth0 dashboard under the ‘Monitoring’ tab in the ‘Logs’ submenu. This will display an overview of all the events that occurred on the tenant and provides support when troubleshooting a connection. searching for the user that has been onboarded.
Step 5 - Go-live
After the testing has been successfully completed, you’re ready to use the flow in production. This will require you to use the Signicat Client ID & Client Secret from the production environment. Furthermore, please make sure that you’re using the production endpoints as provided by Signicat in Step 3, to make sure the production OIDC flow is triggered.
This integration guideline is solely intended to describe the required steps to add Signicat IdPs to your Auth0 application. Any further integration of the Auth0 services into your own application is not within the scope of this document, but is well described on the Auth0 developer community. For such questions, please refer to Auth0 Documentation.
In case of technical questions on Signicat related topics, please contact email@example.com.