Setting up MitID for test

First of all, you may test MitID, without any further setup or onboarding needed. You will, however, not be able to use the styling capabilities that are available for MitID.

Instead, we suggest that you get explicitly onboarded to the MitID test environment to fully test your integration including customizability of styling.

Register for test access

  1. Go to the management dashboard and set the environment toggle at the top center to “TEST”
  2. In the “Identity sources” section, expand the “DK MitID” section
  3. Submit the details for your company. Note the following:
    • The name to show in the MitID login box is the name entered in the “Company alias” box
    • The “Domain prefix” is typically your company or brand name, e.g. acme-corp. Once this registration is completed, this is used to set up your MitID domain, in this case acme-corp.pp.mitid.dk.
  4. Criipto sends the information to Nets where the domain is set up as explained in the previous step. Once the domain has been set up, it will appear in the “Domains” section.

Expect this process to take 2-5 workdays.

Complete the onboarding process

  1. Once you receive a confirmation from Criipto (via email), go back to the “Identity sources” section and open “DK MitID”. Once Criipto has processed your registration and Nets has set up the mitid.dk domain, the Complete button will become active for you to click
  2. Configure the various options that appear after the onboarding completes.
    • If you use our service for NemID as well, select a NemID fallback domain. Note this is only relevant if you, for some reason, send requests directly to your mitid.dk domain.
    • If you need access to the end-user’s CPR number, make sure the Add CPR for MitID logins toggle is enabled.
    • In contrast to NemID, not all MitID users have a CPR number. If your application can handle the case of a missing CPR, you may enable the CPR Optional toggle. This will let MitID users without a CPR number log in to your service.
    • If you want to use our side-by-side feature for showing both MitID and NemID login options, make sure the Also offer MitID login when NemID is requested-toggle is enabled.

Set up an application on your MitID domain

  1. Register your application, just as you would for all other integrations.
  2. IMPORTANT: If you want to use NemID and MitID side-by-side, you must create a “shadow” application with the same Client ID/Realm and Callback URLs as the application you currently use for NemID. This is necessary to make the switching back and forth between MitID and NemID function.

Validating token signatures for MitID

MitID comes with a new approach to storing and using token signing keys. There will be a distinct token signing key in use for MitID, in addition to the one you use for other types of e-ID, such as NemID. Criipto Verify announces all of these signing keys in the metadata documents for your domains (see work with metadata for a primer on this subject).

Most modern OIDC libraries have built-in support for dynamic metadata retrieval, so all this should be handled for you behind the scenes.

Dynamic metadata retrieval is also necessary to achieve minimal disruption for your applications in an ordinary key rollover as well as disaster recovery scenarios.