
This article describes how to set up login to a web resource with Freja eID as the authentication method in Nexus Hybrid Access Gateway.

Freja eID is an electronic identity on your mobile device that allows you to log in, sign and approve transactions and agreements with your fingerprint or PIN. With Freja eID+, you will get an eID officially approved by the Swedish E-identification board with the quality mark Svensk e-legitimation. You can configure Hybrid Access Gateway to only accept Freja eID+.

To see more information about Freja eID, go to https://frejaeid.com.

With the introduction of Freja eID, Hybrid Access Gateway now supports three different Swedish eIDs. It supports (Mobilt) BankID and Freja eID over a native interface and AB Svenska Pass over SAML. Freja eID and AB Svenska Pass are approved by E-legitimationsnämnden and are therefore compliant with eIDAS.


 Register for Freja eID basic
  1. Download the Freja eID mobile app.
  2. Register a profile, using your email address as the username.
 Register for Freja eID+
  1. Download the Freja eID mobile app.
  2. Register a profile, using your social security number as the username.
  3. You must also provide a copy of your driver licence or passport.
  4. A video will be recorded of your face to compare with the picture on your driver licence or passport.

Prerequisites


Before setting up Freja eID, you need the following:

Step-by-step instruction

Set up Freja eID authentication 

 Log in to Hybrid Access Gateway administration interface
  1. Log in to the Hybrid Access Gateway administration interface with your admin user.
 Add Freja eID as authentication method
  1. In the Hybrid Access Gateway administration interface, go to Manage System > Authentication Methods.
  2. Click Add Authentication Method...
  3. Check Freja. Click Next >.
  4. In General Settings, enter a Display Name. The display name is shown to end users when they log in.
  5. Browse for and select the Client SSL Certificate that you received with the Freja eID registration (it is a .pfx file).
  6. Enter the Certificate Password.
  7. In Freja Service Base URL, the URL is pre-filled with: https://services.prod.frejaeid.com/

    The pre-filled URL contains "prod", which means that it is the URL to use for the production environment. To use a test environment, change "prod" to "test".

  8. In User Info Type, select how a user shall authenticate: Email (Basic level - LoA1) or SSN (Plus level - LoA3).

  9. Click Add Authentication Method Server… and select an authentication server.
    Click Next >.
  10. Configure RADIUS reply if applicable.
  11. Click Next > and then Finish Wizard.
  12. Click Publish, which is marked blue to show that updates have been made.
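
Before uploading the .pfx file in steps 5 and 6, you can check offline that the bundle opens with the certificate password, contains a private key and is not about to expire. The following is an added example, not part of the Nexus or Freja eID documentation; the function name `check_pfx`, the `PFX_PASS` environment variable and the 30-day threshold are assumptions, and the `openssl` command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check of the Freja eID client
# certificate bundle before uploading it in steps 5 and 6.
# Assumptions: helper name check_pfx, env var PFX_PASS, 30-day default threshold.
# The password is read from the environment so it is not typed on the command
# line. OpenSSL 3.x may need "-legacy" for bundles protected with older ciphers.

check_pfx() {
    pfx=$1
    min_days=${2:-30}

    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 2; }

    # 1. The bundle must open with the given password and contain a client cert.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "wrong password or not a PKCS#12 file" >&2; return 3; }
    printf '%s\n' "$cert" | grep -q 'BEGIN CERTIFICATE' \
        || { echo "no client certificate in bundle" >&2; return 3; }

    # 2. The matching private key must be present (piped, never written to disk).
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
        || { echo "no private key in bundle" >&2; return 4; }

    # 3. Show whose certificate it is and when it expires.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate

    # 4. Fail if the certificate expires within min_days.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 5; }
}

# Run as a script: PFX_PASS='...' sh check_pfx.sh client.pfx [min_days]
if [ "$#" -gt 0 ]; then
    check_pfx "$@"
fi
```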
 Add server certificate

See "Add certificate authority" in the Add certificates article.

The client certificate and the server certificate are configured to secure the communication between Hybrid Access Gateway (HAG) and the Freja service.

 Add extended properties

A user with the same email address or social security number as the one in Freja eID must be available in HAG.

Follow these steps:

  1. In the Hybrid Access Gateway administration interface, go to Manage System > Authentication Methods.
  2. Select the Freja method that you configured before.
  3. Go to the Extended Properties tab.
  4. Click Add Extended Property...
  5. Define the Value of the User attribute. The value is the attribute name in the AD that contains the user id.
    1. For Freja eID, it is the attribute name for the email address.
    2. For Freja eID+, it is the attribute name for the SSN.

      A user storage must be connected in order to map the SSN to any user storage attribute (AD attribute). 

  6. Click Add.
  7. Click Finish Wizard and then click Publish.
 Options for Freja eID+

When you use Freja eID+ as the authentication method, you will see two fields:

  • Country (Not editable. At the moment only Sweden (SE) is available as country.)
  • SSN (Editable)

These Extended Properties options can be set:

  1. In the Hybrid Access Gateway administration interface, go to Manage System > Authentication Methods.
  2. Select the Freja method.
  3. Go to the Extended Properties tab.
  4. Click Add Extended Property...
  5. Select a key. Click the ?-sign for help:
    1. Allow user not listed in any User Storage: set the value to true (or false). This is used, for example, for a temporary user that is not included in Hybrid Access Gateway.
    2. Force create user: a user is created in HAG if one does not already exist.
    3. Freja country code editable: true or false (for future releases).
    4. Freja country code: add a value (for future releases).