Digital onboarding

Using BankID in the onboarding process

BankID offers several products that simplify the onboarding process for the end user without compromising on regulatory or operational requirements.

Our experience is that businesses have very varied needs and requirements when it comes to digital onboarding. As such, you may use our BankID products differently, depending on what you need. We've described this in three sections:

  1. Simple flow: Authenticate the end user, and retrieve their national identity number with consent
  2. Sign flow: Use electronic signing from BankID to complete the onboarding through the mutual signing of an agreement governing the customer relationship
  3. AML flow: Authenticate the user and employ BankID AML to retrieve more end-user information

Simple flow

The simple onboarding flow is an extension of our Authentication product. It lets the merchant obtain the end user's explicit consent to store their national identity number as part of the onboarding process. This solution is relevant for you if you need to store the end user's national identity number in your own systems.

To get started with this approach:

| Step | What you do | Endpoint | Method | Considerations | Remarks |
|------|-------------|----------|--------|----------------|---------|
| 1 | Get the key properties of the OIDC provider | openid-configuration | GET | | |
| 2 | Build the authorization URL, and redirect the user to the authorization endpoint | authorize | GET | Include scope nnin_altsub. In the callback, make sure to check for error and matching states | The user authenticates with selected IDP method |
| 3 | Exchange authorization code for tokens | token | POST | Check matching nonce. Use the ID token to identify the user. | |
| 4 | Fetch our public keys and use these to validate token signatures | jwk | GET | | |
| 5 | Make a new authorize-request | authorize | GET | Include scope nnin. Add ID token from 4) as id_token_hint | This will prompt the end-user consent for sharing their national identity number with you. For more, see consent handling |
| 6 | Exchange authorization code for tokens | token | POST | Check matching nonce. | |
| 7 | Download national identity number from the TINFO resource server | userinfo | GET | Use Access token from 6) as Bearer token | If the user has not given consent, you won't be able to download this from the resource server. |


Please note that merchants must be provisioned to get access to the nnin_altsub and nnin scopes. You'll need a legal reason to store and use national identity numbers. This access is given as a part of the commercial agreement process.
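
The checks in steps 2, 3, 5 and 6 above, as an added Python example (not BankID's own code): building both authorize URLs, rejecting a callback that carries an error or a non-matching state, and comparing the nonce. The endpoint URL, client ID, redirect URI and function names are hypothetical placeholders, and the ID token signature is assumed to have been validated already (step 4) before check_nonce runs.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholder; the real value comes from openid-configuration (step 1).
AUTHORIZATION_ENDPOINT = "https://oidc.example.invalid/authorize"


def build_authorize_url(client_id, redirect_uri, scope, id_token_hint=None):
    """Return (url, state, nonce) for step 2 (nnin_altsub) or step 5 (nnin)."""
    state = secrets.token_urlsafe(32)  # ties the callback to this user session
    nonce = secrets.token_urlsafe(32)  # ties the ID token to this request
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": f"openid {scope}",
        "state": state,
        "nonce": nonce,
    }
    if id_token_hint:  # step 5: ID token obtained in the first round
        params["id_token_hint"] = id_token_hint
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}", state, nonce


def handle_callback(callback_url, expected_state):
    """Check error and state before the code is sent to the token endpoint."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def check_nonce(verified_claims, expected_nonce):
    """Steps 3 and 6: compare the nonce claim of a signature-verified ID token."""
    nonce = str(verified_claims.get("nonce", ""))
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch: ID token was not issued for this request")
    return verified_claims["sub"]  # the subject that identifies the user
```

Store state and nonce server-side in the user's session between the redirect and the callback, and generate a fresh pair for the second authorize request in step 5.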

Sign flow

For some merchants, the customer onboarding process culminates in an agreement between the merchant and the end user. For such use cases, the electronic signing products from BankID can be employed to ensure a smooth way to close the deal. Please refer to our documentation for signing documents online.

AML flow

Businesses that are subject to anti-money laundering legislation should also consider our AML product. This may be implemented as an extension of the Authentication flow, where the merchant will also receive more data concerning the end user:

  • The end user's address, gender, birthplace and citizenship
  • Whether the end user appears on sanction lists or is a politically exposed person (which should force escalated measures from the merchant in terms of due diligence)

Please refer to our BankID AML page to learn more about this product.