Local Identity Management (Local IdM)

There are two possible ways to integrate IdM-systems with MitID Erhverv:

  • Local IdM light

  • Local IdM in combination with Local IdP

Local IdM light

Local IdM allows for automatic synchronization of users and rights to MitID Erhverv. The automatic synchronization is achieved through an IdM API, which means that the users are created in both MitID Erhverv and your local IdM-system. This gives you less administration and higher security. With Local IdM light, a user will have to activate their user profile with their private MitID.

You enter into an agreement with MitID Erhverv regarding an integration to IdM through the following two steps:

  • Your organisation is connected to MitID Erhverv and thereby you have accepted the terms and conditions for the solution
  • You send an email to MitID Erhverv with a request for activation of IdM light, which includes the following information:
    • Email subject line: IdM light
    • Email content: CVR-number and contact information.
Email to MitID Erhverv

Local IdM in combination with Local IdP

An IdM solution in combination with a Local IdP (which has been NSIS reviewed) will give you full control of users, rights and authenticators, but also the full responsibility for these.

This solution differs from IdM light, as described above, in the sense that users will be able to use locally issued authenticators instead of MitID authenticators. This offers a number of advantages for the users, e.g. they will not need to activate their user profile with their private MitID. However, it is required that the Local IdP solution is NSIS approved.

As with Local IdM, users and rights will automatically synchronise to MitID Erhverv. You will benefit from:

  • Local administration of authenticators that you have issued yourself:
    • Use of local network password as one factor
    • Local help, e.g. with a forgotten password or registration of a two-factor unit
    • Use of your own two-factor solutions
    • Single sign-on (SSO) across your own IT systems and public self-service solutions
  • Automatic synchronisation of users across:
    • Local IdP
    • Local IdM
    • MitID Erhverv
    • Option of creating activated users, who can log in immediately.

Due to the NSIS review there are high security requirements and increased costs for certifications and annual audit.

Read more about Local IdP

Compare options for integration with IdM

Options | Local IdM light | Local IdM + IdP
Automatic synchronization to NemLog-in | X | X
Local identity assurance | | X
Certification and annual audit | | X
Local network password and own two-factor authenticator | | X
Local help - e.g. when forgotten password | | X
Single sign-on experience for users | | X

Guide: Establishing integration with Local IdM

This guide helps organisations wishing to integrate their organisation's IdM-system with MitID Erhverv. The guide describes what you need to consider and execute in order to establish the integration.

It requires technical development to establish the integration. It is therefore advised that you use developers experienced with your IdM-system and with knowledge of developing an API integration.

Choose the form of integration between your IdM-system and MitID Erhverv, which suits your needs.

You will have to complete an NSIS review if you decide to implement Local IdM in combination with Local IdP.

When connecting your Local IdP you will have to document that the requirements of the NSIS level to which the IdP is approved (Low/Substantial/High) are met. You will have to prepare an audit statement as well as a management statement as documentation.

Read more about Local IdP

Consider the options for integration between your IdM-system and the IdM API.

Find IdM API documentation under IdM and certificate API

In the pre-production environment, you can find information on how to create test data. Using the pre-production environment does not require that you are connected to MitID Erhverv.

Test that your local solution works, so you are able to create users and assign them rights in MitID Erhverv.

You have to request access to the IdM API in the production environment.

Send email to MitID Erhverv

Once you have connected your organisation to MitID Erhverv, you can import your users and other data from NemID medarbejdersignatur. This way, you will transfer relevant administrative roles, billing information, the users and their associated rights to MitID Erhverv.

Alternatively, you can create users directly in MitID Erhverv based on your IdM data. However, you should be aware that you must supply the RID numbers (from NemID medarbejdersignatur) when creating the users in order for them to maintain their current rights. In addition, you must manually assign administration roles and enter billing information, as this is not listed in your IdM system.

Once you have connected to MitID Erhverv, you can log on and issue a system certificate. You need the system certificate for authentication toward your IdM API service.

Read more about certificates

Put your solution into production. Authentication is carried out through the system certificate.