Document toolboxDocument toolbox

Provisioning

OIDC Clients must be configured according to the below instructions in order to gain access to the services supported by the OpenID Connect Provider from BankID.

The provisioning process is separate for each supported environment and results in security credentials issued to the requesting party. The client must use these credentials to authenticate with selected endpoints of the REST API  of the OIDC Provider. Client configurations are maintained across releases of the OIDC Provider in each environment unless specified otherwise.

EnvironmentClient provisioning requests
PRE-PROD / CURRENTVisit the service desk for OIDC pre-production and supply the required information in your request
PRODContact salg@bankidnorge.no and supply the required information in your request. A valid contract with BankID Norge AS or one of its resellers is required for provisioning in production.

The CURRENT environment is not yet available for provisioning of OIDC Clients.

Required information

 The following information must be supplied as part of the provisioning request:  

ItemWhat
1The requested environment (PRE-PROD, CURRENT, PROD)
2

Description of the OIDC Client and its intended use. 

3

A display name for the OIDC Client that will be shown in the header of the (default) OIDC dialogues.

4

Contact information for both technical and commercial issues.

5

Requested OAuth2 flows

6

Requested Identity Providers. See section below on BankID merchant certificate if BankID is among the requested IDPs.

7

Requested Value Added Services (VASs).

8

One of more URLs where control will redirected back to the OIDC client (redirect URLs must be pre-registered for safety reasons).

9Requested access to Norwegian National Identity Number. Note that such access will only be granted for eligible applications.

BankID merchant certificate

OIDC Clients requesting access to the  BankID service will by default use a shared BankID merchant certificate already hosted by the OIDC Provider unless a dedicated BankID merchant certificate is requested. See the below table for instructions on how to obtain dedicated certificates for each of the environments. BankID will be responsible for installation, hosting and management of the dedicated certificate on behalf of the requesting party. 

EnvironmentDedicated BankID certificates
PRE-PROD / CURRENTPlease use the RA self-service tool for PRE-PROD to order a test certificate for your organization. After ordering is completed please use the tool to also active the certifiate in question. Then download the resulting certificate file (.bid file) and attach it to your provisioning request along with the pre-set password (qwer1234) for the certificate file.
PROD

Inform salg@bankidnorge.no about your request for a dedicated certificate and BankID Norge will take care of ordering, activation and installation of the certificate. BankID Norge will need your organization number, organization name and the desired common name of the certificate to fulfill the request.