Using BankID in the onboarding process
BankID offers several products that simplify the onboarding process for the end user without compromising on regulatory or operational requirements.
Our experience is that businesses have very varied needs and requirements when it comes to digital onboarding. As such, you may use our BankID products differently, depending on what you need. We've described this in three sections:
- Simple flow: Authenticate the end user, and retrieve their national identity number with consent
- Sign flow: Use electronic signing from BankID to complete the onboarding through the mutual signing of an agreement governing the customer relationship
- AML flow: Authenticate the user and employ BankID AML to retrieve more end-user information
The simple onboarding flow is an extension of our Authentication product. It lets the merchant obtain the end user's explicit consent to store their national identity number as part of the onboarding process. As such, this solution is relevant for you if you need to store the end user's national identity number in your own systems.
To get started with this approach:
| Step | What you do | Endpoint | Method | Considerations | Remarks |
|---|---|---|---|---|---|
| 1 | Get the key properties of the OIDC provider | | | | |
| 2 | Build the authorization URL, and redirect the user to the authorization endpoint | authorize | GET | In the callback, make sure to check for error and matching states | The user authenticates with the selected IDP method |
| 3 | Exchange authorization code for tokens | token | POST | Use the ID token to identify the user. | |
| 4 | Fetch our public keys and use these to validate token signatures | jwk | GET | | |
| 5 | Make a new authorize-request | authorize | GET | Include scope | This will prompt the end-user consent for sharing their national identity number with you. For more, see consent handling |
| 6 | Exchange authorization code for tokens | token | POST | Check matching | |
| 7 | Download national identity number from the TINFO resource server | userinfo | GET | Use Access token from 6) as Bearer token | If the user has not given consent, you won't be able to download this from the resource server. |
Please note that merchants must be provisioned to get access to the nnin scopes. You'll need a legal reason to store and use national identity numbers. This access is given as a part of the commercial agreement process.
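The callback check called for in step 2 (and needed again for the second authorize request in step 5), as an added example that is not BankID's own code. The endpoint URL, client ID, redirect URI and the `session` dict are placeholders assumed for illustration; real values come from the provider configuration in step 1 and your merchant registration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values, not taken from BankID documentation.
AUTHORIZE_ENDPOINT = "https://oidc.example.invalid/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://merchant.example.invalid/callback"


class CallbackError(Exception):
    """Raised when the authorization callback must not be trusted."""


def build_authorize_url(scope, session):
    """Create a fresh state and nonce for this request and build the redirect URL."""
    session["state"] = secrets.token_urlsafe(32)
    # The nonce is kept so it can be compared with the ID token's nonce claim.
    session["nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": session["state"],
        "nonce": session["nonce"],
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(callback_url, session):
    """Check error and state before the code is sent to the token endpoint."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("state", None)  # single use: a replay finds no state
    if "error" in params:
        raise CallbackError("provider returned error: " + params["error"][0])
    returned = params.get("state", [""])[0]
    # Constant-time comparison; an absent stored state always fails.
    if not expected or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise CallbackError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise CallbackError("expected exactly one authorization code")
    return codes[0]
```

Because the stored state is removed on first use, a replayed or forged callback is rejected even when it carries a well-formed `code`.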
For some merchants, the customer onboarding process culminates in an agreement between the merchant and the end user. For such use cases, the electronic signing products from BankID can be employed to ensure a smooth way to close the deal. Please refer to our documentation for signing documents online.
Businesses that are subject to anti-money laundering legislation should also consider our AML product. This may be implemented as an extension of the Authentication flow, where the merchant will also receive more data concerning the end user:
- The end user's address, gender, birthplace and citizenship
- Whether the end user appears on sanction lists or is a politically exposed person (which should force escalated measures from the merchant in terms of due diligence)
Please refer to our BankID AML page to learn more about this product.