Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients


This article describes how to set up login to a web resource with Freja eID as the authentication method in Smart ID Digital Access component (Hybrid Access Gateway).

With Freja eID+, you will get an eID officially approved by the Swedish E-identification board with the quality mark Svensk e-legitimation. You can configure Digital Access component to only accept Freja eID+.

To see more information about Freja eID, go to https://frejaeid.com.

With the introduction of Freja eID, Digital Access component now supports three different Swedish eIDs. It supports (Mobilt) BankID and Freja eID over a native interface and AB Svenska Pass over SAML. Freja eID and AB Svenska Pass are approved by E-legitimationsnämnden and are therefore compliant with eIDAS.


Preparations

 Register for Freja eID basic
  1. Download the Freja eID mobile app.
  2. Register a profile, using your email address as the username.
 Register for Freja eID+
  1. Download the Freja eID mobile app.
  2. Register a profile, using your social security number as the username.
  3. You must also provide a copy of your driver's licence or passport.
  4. A video of your face will be recorded to compare with the picture on your driver's licence or passport.
  5. Optional: Register a company profile based on your personal profile.

Prerequisites

Before setting up Freja eID, you need the following:

Step-by-step instruction

 Log in to Digital Access Admin
  1. Log in to Digital Access Admin with an administrator account.
 Add Freja eID as authentication method
  1. In Digital Access Admin, go to Manage System > Authentication Methods.
  2. Click Add Authentication Method...
  3. Check Freja. Click Next >.
  4. In General Settings, enter a Display Name. The display name is shown to end users when they log in.
  5. Browse for and select the Client SSL Certificate that you received with the Freja eID registration (it is a .pfx file).
  6. Enter the Certificate Password.
  7. In Freja Service Base URL, the URL is pre-filled with: https://services.prod.frejaeid.com/

    The pre-filled URL contains "prod", meaning that it is the URL to use for the production environment. To use a test environment, change "prod" to "test".

  8. If you want to authenticate against the Freja Organisation eID interface, click Use Organisation ID Service.
  9. In User Info Type, select how a user shall authenticate: Email (Basic level - LoA1) or SSN (Plus level - LoA3).
    If Use Organisation ID Service is enabled, the value ORG_ID is available.

  10. In Enforce Freja eID+ authentication, select which level of authentication shall be used: BASIC, PLUS or EXTENDED.
  11. Select Show QR Code to display a QR code during authentication that can be scanned with the Freja app.

    If a QR code is to be used, the extended properties "Attributes to return" and "User ID Attribute" are mandatory.

  12. Configure RADIUS reply if applicable.
  13. Click Next > and then Finish Wizard.
  14. Click Publish, which is marked blue to show that updates have been made.
 Add server certificate

See "Add certificate authority" in the Add certificates in Digital Access article.

The client certificate and the server certificate are configured to secure the communication between Digital Access component and the Freja service.
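
A pre-flight check for the client certificate file before it is uploaded in the wizard, given here as an added example that is not part of the original article or of Nexus' or Freja's tooling. It uses the openssl command line to confirm that the .pfx opens with the password, contains a private key, and is not about to expire; the function name check_pfx, the PFX_PASS variable and the 30-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor tooling): sanity-check a client .pfx before upload.
# Usage: export PFX_PASS='...'; check_pfx client.pfx [min_days_valid]
# The password is read from the exported PFX_PASS variable so that it does
# not appear in the process list or in shell history as an argument.
# Return codes: 0 ok, 2 usage, 3 bad password/format, 4 no key, 5 expiring.
check_pfx() {
    pfx=$1
    min_days=${2:-30}   # assumed default: warn if under 30 days remain

    [ -r "$pfx" ] || { echo "cannot read '$pfx'" >&2; return 2; }
    [ -n "${PFX_PASS+x}" ] || { echo "PFX_PASS is not set" >&2; return 2; }

    # 1. The password must open the container and yield the client certificate.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "wrong password or not a PKCS#12 file" >&2; return 3; }
    printf '%s\n' "$cert" | grep -q 'BEGIN CERTIFICATE' \
        || { echo "no client certificate in file" >&2; return 3; }

    # 2. A client certificate without its private key cannot authenticate.
    #    The key is only piped to grep and never written to disk.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
        || { echo "no private key in file" >&2; return 4; }

    # 3. The certificate must stay valid for at least min_days more days.
    printf '%s\n' "$cert" \
        | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 5; }

    # Show what is about to be uploaded.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
    return 0
}

# Run the check when the script is called with arguments.
if [ $# -gt 0 ]; then
    check_pfx "$@"
fi
```

Some older .pfx files use legacy encryption that OpenSSL 3 refuses to read without its legacy provider; in that case the check reports return code 3 even though the password is correct.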

 Add extended properties

A user with the same email address or social security number as the one in Freja eID must be available in the Digital Access component.

Follow these steps:

  1. In Digital Access Admin, go to Manage System > Authentication Methods.
  2. Select the Freja method that you configured before.
  3. Go to the Extended Properties tab.
  4. Click Add Extended Property...
  5. Define the Value of the User attribute. The value is the attribute name in the AD that contains the user id.
    1. For Freja eID it is the attribute for the email address.
    2. For Freja eID+ it is the attribute name for the SSN.

      A user storage must be connected in order to map the SSN to any user storage attribute (AD attribute). 

  6. Click Add.
  7. Click Finish Wizard and then click Publish.
 Add user attributes to return

After successful authentication, Digital Access can receive different kinds of user attributes from Freja. Use the extended property "Attributes to return" for this.

Follow these steps:

  1. In Digital Access Admin, go to Manage System > Authentication Methods.
  2. Select the Freja method that you configured before.
  3. Go to the Extended Properties tab.
  4. Click Add Extended Property...
  5. Define the Value of the Attributes to return.
  6. Click Help for a list of available attributes.
  7. Click Add.
  8. Click Finish Wizard and then click Publish.
 Options for Freja eID+

When you use level PLUS for Freja authentication, you will see two fields:

  • Country (Not editable. At the moment only Sweden (SE) is available as country.)
  • SSN (Editable)

These Extended Properties options can be set:

  1. In Digital Access Admin, go to Manage System > Authentication Methods.
  2. Select the Freja method.
  3. Go to the Extended Properties tab.
  4. Click Add Extended Property...
  5. Select a key, click the ?-sign for help:
    1. Allow user not listed in any User Storage: used, for example, for a temporary user that is not included in Hybrid Access Gateway. Set the value to true (or false).
    2. Force create user: a user is created in Digital Access component if it does not already exist.
    3. Freja country code editable: true or false (for future releases).
    4. Freja country code: add a value (for future releases).