Organisation ID Service
This page:
Related pages:
The Freja eID Organisation ID service allows Relying Parties to set a specific, organisation-related identifier to any user. The end user will have previously downloaded the Freja eID mobile application on one or more iOS or Android devices they possess, and registered an account in Freja eID, allowing Relying Parties to refer to them through the use of one or more usernames.
The Organisation ID service is available to end users that have Freja eID Extended (users whose identity has been validated with an ID document) or Plus (users who, in addition to Extended, have had a physical meeting as a further measure of security; this level is only available in Sweden.)
Before you begin
There are several technical requirements that must be in place before the implementation can start. Please complete the checklist below before proceeding:
- Obtain an SSL client certificate providing you access to the Freja eID test environment.
- Import Freja eID Test root certificate as trusted into the trust store of your application.
- Using Freja eID mobile application, register one or more users with the Freja eID Test infrastructure.
Production checklist
In order to use Freja eID in a production environment, you must fulfil the following:
- Sign a contract allowing your organisation to access the production Freja eID Organisation ID service.
- Provide Freja eID with a logo suitable to represent your organisation in the mobile application, as well as a display name and a short description. Please note that:
- The logo must be delivered in one of the vector file formats: AI (Adobe Illustrator Artwork), EPS (Encapsulated PostScript) or editable PDF (Portable Document Format). The preferable format is AI (filename extension is .ai).
- The display name is restricted to maximum length of 20 characters and the description should not exceed 75 characters. The URL can be up to 100 characters long.
- Obtain an SSL client certificate providing you access to the Freja eID production environment.
- Import Freja eID Production root certificate as trusted into the trust store of your application.
Initiate Add Organisation ID method
This method is used by a Relying Party to initiate a transaction for setting an Organisation ID title, identifier name and the identifier itself to a user. The identifier must be unique within the Relying Party's system. If the Organisation ID is set for a user multiple times, the title, identifier name and the identifier will be overridden and the last ones will be active.
The method is called using HTTP POST through the URLs below:
System | Method endpoints |
---|---|
Test | https://services.test.frejaeid.com/organisation/management/orgId/1.0/initAdd |
Production | https://services.prod.frejaeid.com/organisation/management/orgId/1.0/initAdd |
The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
initAddOrganisationIdRequest | { "userInfoType":"User info type", "userInfo":"User information corresponding to user info type", "minRegistrationLevel":"Minimum required registration level of a user", "expiry":"Expiry time for the request", "organisationId":{ "title":"Title of the Organisation ID to be displayed to the end user", "identifierName":"Name of specific organisation identifier", "identifier":"Value of specific organisation identifier", "identifierDisplayTypes": ["QR_CODE","TEXT"], "additionalAttributes": [{"key":"attribute_key", "displayText":"attribute_display_name", "value":"attribute_value"} ] } } userInfoType: string, mandatory. Describes the type of user information supplied to identify the end user. Currently one of:
userInfo: string, mandatory, 256 characters maximum. If userInfoType is EMAIL or PHONE, interpreted as a string value of the email or telephone number of the end user, respectively. If userInfoType is SSN, then it must be a Base64 encoding of the ssnuserinfo JSON structure described below. | |
ssnuserinfo | { "country":"Country of SSN", "ssn":"Social security number of the end user" } country: string, mandatory. Contains the ISO-3166 two-alphanumeric country code of the country where the SSN is issued. In the current version of Freja eID, one of: ''SE'' (Sweden), ''NO'' (Norway), ''FI'' (Finland), ''DK'' (Denmark).
| |
minRegistrationLevel: string, optional. Minimum required registration level of a user in order to approve/decline transaction for adding Organisation eID. Can be EXTENDED or PLUS. If not present, default level will be EXTENDED. expiry: long, optional. Describes the time until which the Relying Party is ready to wait for the user to confirm the initAddOrganisationId request. Expressed in milliseconds since January 1, 1970, 00:00 UTC. Minimum value is current time +2 minutes, maximum value is current time +30 days. If not present, defaults to current time +7 days. | ||
organisationId | { "title":"Title of the Organisation ID to be displayed to the end user", "identifierName":"Name of specific organisation identifier", "identifier":"Value of specific organisation identifier", "identifierDisplayTypes": ["QR_CODE","TEXT"], "additionalAttributes":[{"key":"attribute_key", "displayText":"attribute_display_name", "value":"attribute_value"} ] } title: string, mandatory, 64 characters maximum. The title of the Organisation ID which will be displayed to the end user in the app, on the Organisation ID card and the Organisation ID screen itself. identifierName: string, mandatory, 30 characters maximum. The name of the specific organisation identifier to be set for the end user. identifier: string, mandatory, 128 characters maximum. The value of the specific organisation identifier to be set for the end user. Must be unique within the requesting relying party system inside the Freja eID service. identifierDisplayTypes: identifierDisplayTypes: list of identifier types, optional. Can be QR_CODE or TEXT, both or neither. If additionalAttributes: list of Organisation ID attributes, optional. The maximum number of additional attributes is 10. One attribute contains the key (maximum 64 characters), displayText as friendly name (maximum 64 characters) and value (maximum 256 characters), displayTypes which are not supported yet. Regarding OrgID Customisation For more personalisation and flexibility regarding OrgID design, we can offer our OrgID Templates which allow for full customisability of the OrgID. For more information please get in touch with partnersupport@frejaeid.com. |
What your users will see
Here you can see a depiction of what your users will see in the mobile application.
Before the user approves Organsation ID
The user will receive a transaction in their Freja mobile application that they need to approve. In this example, the parameters of organisationId you set in the initAddOrganisationIdRequest are: title: Frejviks kommun ID identifier name: Anställningsnummer identifier: 476-0598 The rest of the text is localised in the Freja mobile application. |
After the user approves Organisation ID
After approving, this card will be generated for the user in the Freja mobile application. Out of the parameters mentioned above, the only one shown here is the title: Frejviks kommun ID. | |
The user can open the Organisation ID screen. The following has been set by your Organisation: title: Frejviks kommun ID identifier name: Anställningsnummer identifier: 476-0598 The name and surname of the employee comes from our database. |
Examples with various userInfoTypes
Example request with userInfoType set to EMAIL: |
---|
If you wish to initiate an 'Add Organisation ID' request for a user with an email address joe.black@verisec.com, follow these steps:
The HTTP body should be the following (compact format, line broken for clarity only): initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJFTUFJTCIsInVzZXJJbmZvIjoi am9lLmJsYWNrQHZlcmlzZWMuY29tIiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsI mV4cGlyeSI6MTUxNzUyNjAwMDAwMCwib3JnYW5pc2F0aW9uSWQiOiB7ICJ0aXRsZSI6IlZlcmlzZW MgSUQiLCAiaWRlbnRpZmllck5hbWUiOiJEb21haW4gbmFtZSIsICJpZGVudGlmaWVyIjoidmVqb2R vZSIgfX0= |
Example request with userIntoType set to PHONE: |
---|
If you wish to initiate an 'Add Organisation ID' request for a user with a phone number '+46731234567':
The HTTP body should be the following: initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJQSE9ORSIsInVzZXJJbmZvIjoiK zQ2NzMxMjM0NTY3IiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsImV4cGlyeSI6MTU xNzUyNjAwMDAwMCwib3JnYW5pc2F0aW9uSWQiOiB7ICJ0aXRsZSI6IlZlcmlzZWMgSUQiLCAiaWRlb nRpZmllck5hbWUiOiJEb21haW4gbmFtZSIsICJpZGVudGlmaWVyIjoidmVqb2RvZSIgfX0= |
Example request with userIntoType set to SSN: |
---|
If you wish to initiate an 'Add Organisation ID' request for a user with an SSN '198905218072' and country 'SE':
The HTTP body should be the following: initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJTU04iLCJ1c2VySW5mbyI6ImV5S mpiM1Z1ZEhKNUlqb2lVMFVpTENKemMyNGlPaUl4T1RnNU1EVXlNVGd3TnpJaWZRPT0iLCJtaW5SZWd pc3RyYXRpb25MZXZlbCI6IkVYVEVOREVEIiwiZXhwaXJ5IjoxNTE3NTI2MDAwMDAwLCJvcmdhbmlzY XRpb25JZCI6IHsgInRpdGxlIjoiVmVyaXNlYyBJRCIsICJpZGVudGlmaWVyTmFtZSI6IkRvbWFpbiB uYW1lIiwgImlkZW50aWZpZXIiOiJ2ZWpvZG9lIiB9fQ== |
Example request with userIntoType set to INFERRED: |
---|
If you wish to initiate an 'Add Organisation ID' request for a user via a QR code:
The HTTP body should be the following: initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJJTkZFUlJFRCIsInVzZXJJbmZvI joiTi9BIiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsImV4cGlyeSI6MTUxNzUyNjA wMDAwMCwib3JnYW5pc2F0aW9uSWQiOiB7ICJ0aXRsZSI6IlZlcmlzZWMgSUQiLCAiaWRlbnRpZmllc k5hbWUiOiJEb21haW4gbmFtZSIsICJpZGVudGlmaWVyIjoidmVqb2RvZSIgfX0= |
Example request with identifierDisplayTypes and additionalAttributes: |
---|
If you wish to initiate an 'Add Organisation ID' request for a user via a QR code:
The HTTP body should be the following: initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJJTkZFUlJFRCIsInVzZXJJbmZvIjoi Ti9BIiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsImV4cGlyeSI6MTUxNzUyNjAwMDAwM CwKIm9yZ2FuaXNhdGlvbklkIjogeyAidGl0bGUiOiJWZXJpc2VjIElEIiwgImlkZW50aWZpZXJOYW1lIj oiRG9tYWluIG5hbWUiLCAiaWRlbnRpZmllciI6InZlam9kb2UiLCJpZGVudGlmaWVyRGlzcGxheVR5cGV zIjpbIlFSX0NPREUiLCJURVhUIl0sCiJhZGRpdGlvbmFsQXR0cmlidXRlcyI6W3sia2V5IjoiVVNFUl9J RCIsImRpc3BsYXlUZXh0IjoiSUQiLCJ2YWx1ZSI6IjEyMzQ1Njc4OSJ9XSB9fQ== |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1001 | Invalid or missing userInfoType. |
1002 | Invalid or missing userInfo. |
1004 | You are not allowed to call this method. |
1005 | The user has not enabled your service. |
1007 | Invalid min registration level. |
1008 | Unknown Relying Party. |
1009 | You are not allowed to request integratorSpecificUserId parameter. |
1010 | JSON request cannot be parsed. |
1012 | User with the specified userInfo does not exist in the Freja eID database. |
4000 | Invalid or missing Organisation ID identifier. |
4002 | This Organisation ID identifier is already used. |
4003 | Invalid expiry. |
4004 | Invalid or missing Organisation ID title. |
4005 | Invalid or missing Organisation ID identifier name. |
4006 | Invalid or missing Organisation ID. |
4008 | Invalid display type. |
4009 | Invalid additional attributes. |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value in body |
---|
{ "orgIdRef":"Reference to be submitted in getOneResult method" } orgIdRef: string, mandatory. A reference unique to the transaction, that can be used to query the result of a specific transaction for adding Organisation ID (see Get One Organisation ID Result method below). |
Get One Organisation ID Result method
The method is called using HTTP POST through the URLs below:
System | Method endpoint |
---|---|
Test | https://services.test.frejaeid.com/organisation/management/orgId/1.0/getOneResult |
Production | https://services.prod.frejaeid.com/organisation/management/orgId/1.0/getOneResult |
The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
getOneOrganisationIdResultRequest | { "orgIdRef":"Organisation ID reference" } orgIdRef: string, mandatory. The value must be equal to a reference previously returned from a call to the Initiate Add Organisation ID method. The time period during which a specific reference is available for checking will depend on the longevity of the operation (see the expiry parameter in the Initiate Add Organisation ID method) and is calculated as the expiry time plus 3 days. |
Example request: |
---|
If you wish to fetch an Organisation ID result with the reference previously returned from a call to initAddOrganisationIdRequest (for a user with an email address: joe.black@verisec.com), follow these steps:
The HTTP body should be the following (compact format, line broken for clarity only): getOneOrganisationIdResultRequest=eyJvcmdJZFJlZiI6IlRyTEE5emR4Q0JsTk9RTnZrZGh BTTE0bUptbEwyMGRpZ0M3K1FnRVZSd21FN1NIOFFtMHN3V0ljNndoZkttNFkifQ== |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1004 | You are not allowed to call this method. |
1008 | Unknown Relying Party. |
1100 | Invalid reference (for example, nonexistent or expired). |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value in body | |
---|---|
Response body | { "orgIdRef":"Organisation ID reference", "status":"Status of Organisation ID transaction", "details":"Signed data, see below" } orgIdRef: string, mandatory. The reference of the Add Organisation ID request. status: string, mandatory. One of:
details: A signed object (see below), optional. Provides details and evidence of the signing if status was equal to APPROVED. |
details | The content of this response element will contain a JWS in compact serialised form as following: BASE64URL(UTF8(JWS Protected Header)) || ’.’ || BASE64URL(JWS Payload) || ’.’ || BASE64URL(JWS Signature) JWS Protected Header { "x5t":"SHA-1 digest of the signing certificate", "alg":"Algorithm used to secure the JWS" } x5t: mandatory, Base64URL encoding of the certificate's SHA-1 digest. JWS Payload { "orgIdRef":"Organisation ID reference", "status":"Status of Organisation ID transaction", "userInfoType":"User info type", "userInfo":"User information corresponding to user info type", "minRegistrationLevel":"Minimum required registration level of a user", "timestamp":"Time when transaction was approved by end user", "signatureType":"Signature type", "signatureData":{ "userSignature":"The signature produced by the end user", "certificateStatus":"Evidence of end-users certificate status" } } orgIdRef: See orgIdRef above. status: See status above. userInfoType: See userInfoType as described in Initiate Add Organisation ID method. userInfo: See userInfo as described in Initiate Add Organisation ID method. minRegistrationLevel: See registrationLevel as described in Initiate Add Organisation ID method. timestamp: long, mandatory. Describes the time when the confirmation by the end user was validated on Freja eID server side. Expressed in milliseconds, since January 1, 1970, 00:00 UTC. signatureType: string, mandatory. For the Organisation ID service, this field has value SIMPLE. See signatureType as described in Signature Services. signatureData: see fields below, mandatory. userSignature: the produced signature, string, mandatory. Contains the user's signature in the requested format. The user's signature will implicitly contain the signed text which will contain Organisation ID identifier set to the user. certificateStatus: Base64 string, mandatory. Contains the OCSP response regarding the state of the user certificate at the time of validating the signature. |
Cancel Add Organisation ID method
This method is used by a Relying Party to cancel an 'Add Organisation ID' request.
The method is called using HTTP POST through the URLs below:
System | Method endpoints |
---|---|
Test | https://services.test.frejaeid.com/organisation/management/orgId/1.0/cancelAdd |
Production | https://services.prod.frejaeid.com/organisation/management/orgId/1.0/cancelAdd |
The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
cancelAddOrganisationIdRequest | { "orgIdRef":"Organisation ID reference" } orgIdRef: string, mandatory. The value must be equal to an Organisation ID reference previously returned from a call to the Initiate Add Organisation ID method. |
Example request: |
---|
If you wish to cancel an Add Organisation ID request, follow these steps:
The HTTP body should be the following (line broken for clarity only): cancelAddOrganisationIdRequest=eyJvcmdJZFJlZiI6IlRyTEE5emR4Q0JsTk9RTnZrZGhBTTE 0bUptbEwyMGRpZ0M3K1FnRVZSd21FN1NIOFFtMHN3V0ljNndoZkttNFkifQ== |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1004 | You are not allowed to call this method. |
1008 | Unknown Relying Party. |
1100 | Invalid reference (for example, nonexistent or expired). |
If HTTP 200 is returned from the method, the request was successfully fulfilled.
Update Organisation ID method
This method is used by a Relying Party to update additional attributes for an existing Organisation ID.
The method is called using HTTP POST through the URLs below:
System | Method endpoints |
---|---|
Test | https://services.test.frejaeid.com/organisation/management/orgId/1.0/update |
Production | https://services.prod.frejaeid.com/organisation/management/orgId/1.0/update |
The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:
Parameter name | Value | ||
---|---|---|---|
updateOrganisationIdRequest |
identifier: string, mandatory, 128 characters maximum. The value of the specific organisation identifier previously set for the end user. additionalAttributes: list of Organisation ID attributes to be updated. The maximum number of additional attributes is 10. One attribute contains the key (maximum 64 characters), displayText as friendly name (maximum 64 characters) and value (maximum 256 characters). The logic behind attributes processing is the following:
|
Example request: | |
---|---|
If you wish to update an Organisation ID, follow these steps:
The HTTP body should be the following (line broken for clarity only):
|
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1004 | You are not allowed to call this method. |
1008 | Unknown Relying Party. |
4001 | There is no user for given Organisation ID identifier. |
4000 | Invalid or missing Organisation ID identifier. |
4009 | Invalid additional attributes. |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value in body | |
---|---|
updateStatus: JSON object, mandatory. Contains number of added, updated and deleted attributes. added: integer, mandatory. Number of added attributes. |
Delete Organisation ID method
This method is used by a Relying Party to delete an Organisation ID identifier from a user. Note that this method is not to be used if you wish to change the Organisation ID title or identifier name. This is done by calling again Initiate Add Organisation ID method.
The method is called using HTTP POST through the URLs below:
System | Method endpoints |
---|---|
Test | https://services.test.frejaeid.com/organisation/management/orgId/1.0/delete |
Production | https://services.prod.frejaeid.com/organisation/management/orgId/1.0/delete |
The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:
Parameter name | Value |
---|---|
deleteOrganisationIdRequest | { "identifier":"Value of specific organisation identifier" } identifier: string, mandatory, 128 characters maximum. The specific organisation identifier to be deleted. |
Example request |
---|
If you wish to delete an Organisation ID identifier from a user, follow these steps:
The HTTP body should be the following (line broken for clarity only): deleteOrganisationIdRequest=eyJpZGVudGlmaWVyIjoidmVqb2RvZSJ9 |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1004 | You are not allowed to call this method. |
1008 | Unknown Relying Party. |
4000 | Invalid or missing Organisation ID identifier. |
4001 | There is no user for given Organisation ID identifier. |
Get All Organisation ID Users method
This method is used to get information about users who have been assigned an Organisation ID. If there are no users with Organisation ID, an empty list will be returned.
This method is called using a HTTP POST through the URLs below:
System | Method Endpoints |
---|---|
Test | https://services.test.frejaeid.com/organisation/management/orgId/1.0/users/getAll |
Production | https://services.prod.frejaeid.com/organisation/management/orgId/1.0/users/getAll |
Please note that this POST does not have a request parameter.
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1004 | You are not allowed to call this method. |
1008 | Unknown Relying party. |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value in body |
---|
[ { "organisationId" : { "title" : "Organisation ID title which is set when user approved the transaction for adding Organisation ID.", "identifierName" : "Organisation ID identifier name which is set when user approved the transaction for adding Organisation ID.", "identifier" : "Unique Organisation ID identifier which is set when user approved the transaction for adding Organisation ID." }, "ssn" : { "country" : "Country where the SSN is issued.", "ssn" : "Social security number." }, "registrationState" : "User's registration state." }, ... ] organisationId: JSON object, mandatory. Contains Organisation ID parameters which are set by the Relying Party: title, identifierName, identifier. ssn: JSON object, mandatory. Contains the ISO-3166 two-alphanumeric country code of the country where the SSN is issued. If the user is from a country where social security numbers do not exist, country will be returned while ssn will be empty. registrationState: string, mandatory. User's registration state. Possible values are: EXTENDED, VETTING_CONFIRMED and PLUS. |