Page tree
Skip to end of metadata
Go to start of metadata

Nexus Hybrid Access Gatway support authentication using the Swedish national eID BankID. With Hybrid Access Gateway you can let your users authenticate with BankID on smartcard, file or by using a smartphone with Mobile BankID. There are multiple ways to connect Hybrid Access Gateway to the service for validation of BankID and Mobile BankID. By using a national eID such as BankID you can easily and securely enable your services for a large number of customers without the burden of managing their credentials and authentication methods.BankID is an electronic identification solution that allows companies, banks, organizations and governments agencies to authenticate and conclude agreements with individuals over the Internet. BankID is an electronic identity document comparable to passports, drivers licenses and other physical identity documents. Since Swedish banks are the issuers of the BankID credentials, the users obtain their BankID from their bank. Normally using their Internet bank and a self service to obtain the BankID or Mobile BankID. In this way you will not carry the burden of providing, or managing the lifecycle of your end users eIDs. This also means that you will get instant access to one or several secure ways to authenticate a large number of your end users.

Nexus Hybrid Access Gateway is a flexible solution for enabling strong authentication using national eIDs like BankID and Mobile BankID. When using Hybrid Access Gateway for authentication with BankID or Mobile BankID all you need to do is configure Hybrid Access Gateway to connect to an API. There is no need to develop specific support for the National eID within your own organization.

Swedish BankID and Mobile BankID can be used in Hybrid Access Gateway in the following ways:

Nexus GO

When using Nexus GO for BankID authentication you connect the cloud service Nexus GO provided by Nexus. Nexus GO provides a self service portal where you easily can register and subscribe to the Nexus GO service for BankID and Mobile BankID authentication. All information about how to connect Hybrid Access Gateway to Nexus GO is provided in the portal and you can start using BankID for authentication in minutes. Nexus GO will manage all contacts with the re-sellers of BankID and will also act as the relying party to the BankID service.

For more information, see Nexus GO Authentication and Set up Nexus GO as an authentication method.

SAML federation

Nexus Managed Services offers authentication with BankID and Mobile BankID using the SAML 2.0 standard. Hybrid Access Gateway supports the SAML 2.0 standard and can connect to any service, providing BankID authentication using the SAML 2.0 standard. Nexus Managed Services will manage all contacts with the re-sellers of BankID and will also act as the relying party to the BankID service. The SAML 2.0 support is also used to connect Hybrid Access Gateway to eIDAS and the Swedish eID system for nationl eIDs.

For more information, see SAML 2.0 federation.

BankID web service API

When using a direct integration to the web service API for relying parties from BankID, Hybrid Access Gateway is configured to connect directly to the BankID services. You will need to subscribe for the BankID service from one of the banks that are reselling the BankID service.

To manage the generation shift of the root certificate protecting the Swedish BankID service, the new end point of the service needs to be configured until 1 June 2019. The previous used endpoint will be disabled after.

To make the change, the new endpoint needs to be configured as extended property of the Swedish BankID authentication method. The new value is The new end point is protected using a new root CA, which is available in the guidelines of Swedish BankID itself, found at The new root certificate must be uploaded as trusted CA Certificate to Hybrid Access Gateway.

Consumers of the Nexus GO authentication method can ignore this information. Nexus GO already uses the new interface.

This article is valid from Hybrid Access Gateway 5.13.1

Related information

  • No labels