This article is valid for Smart ID 20.06.1 and later.
This article describes how to set up login to a web resource with Freja eID as the authentication method in Smart ID Digital Access component.
With Freja eID+, you will get an eID officially approved by the Swedish E-identification board with the quality mark Svensk e-legitimation. You can configure Digital Access component to only accept Freja eID+.
To see more information about Freja eID, go to https://frejaeid.com.
With the introduction of Freja eID, Digital Access component now supports three different Swedish eIDs. It supports (Mobilt) BankID and Freja eID over a native interface and AB Svenska Pass over SAML. Freja eID and AB Svenska Pass are approved by E‑legitimationsnämnden and are therefore compliant with eIDAS.
Register for Freja eID basic
Download the Freja eID mobile app.
Register a profile and use your email address as username.
Register for Freja eID+
Download the Freja eID mobile app.
Register a profile and use your social security number as username.
You must also provide a copy of your driver licence or passport.
A video will be recorded of your face to compare with the picture on your driver licence or passport.
Optional: Register a company profile based on your personal profile.
Prerequisites
Before setting up Freja eID, you need to do the following:
Add Freja eID as authentication method
In Digital Access Admin, go to Manage System > Authentication Methods.
Click Add Authentication Method...
Check Freja. Click Next >.
In General Settings, enter a Display Name. The display name is shown to end users when they log in.
Browse for and select the Client SSL Certificate that you received with the Freja eID registration (it is a .pfx file).
Enter the Certificate Password.
In Freja Service Base URL, the URL is pre-filled with: https://services.prod.frejaeid.com/
The pre-filled URL contains "prod", meaning that it is the URL to use for the production environment. To use a test environment, change "prod" to "test".
If you want to authenticate against the Freja Organisation eID interface, click Use Organisation ID Service.
In User Info Type, select how a user shall authenticate: Email (Basic level - LoA1) or SSN (Plus level - LoA3).
If Use Organisation ID Service is enabled, the value ORG_ID is available.
In Enforce Freja eID+ authentication select which level of authentication shall be used: BASIC, PLUS or EXTENDED.
Select Show QR Code to display a QR code during authentication that can be scanned with the Freja app. If QR code is to be used, the extended properties "Attributes to return" and "User ID Attribute" are mandatory.
Configure RADIUS reply if applicable.
Click Next > and then Finish Wizard.
Click Publish, which is marked blue to show that updates have been made.
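The .pfx file selected in the Client SSL Certificate step can be checked locally before it is uploaded. The script below is an added example, not part of the product or its documentation; it assumes the OpenSSL command-line tool is installed, and the names check_pfx, make_constructed_pfx and PFX_PASS are chosen for this example.

```bash
#!/bin/sh
# Added example: pre-flight check of a client-certificate .pfx before upload.
# The password is read from the PFX_PASS environment variable, so it does not
# appear on the command line or in the process list.

# check_pfx FILE [MIN_DAYS] -> exit status 0 if the bundle is usable
check_pfx() {
    cp_file="$1"
    cp_days="${2:-30}"
    # 1. The bundle opens with the password and holds a client certificate.
    cp_cert=$(openssl pkcs12 -in "$cp_file" -passin env:PFX_PASS \
                  -nokeys -clcerts 2>/dev/null) && [ -n "$cp_cert" ] \
        || { echo "FAIL: cannot read a certificate from $cp_file"; return 1; }
    # 2. The bundle holds a private key (required for TLS client
    #    authentication). The key goes to the pipe only, never to disk.
    openssl pkcs12 -in "$cp_file" -passin env:PFX_PASS -nocerts -nodes \
        2>/dev/null | grep 'PRIVATE KEY' >/dev/null \
        || { echo "FAIL: no private key in $cp_file"; return 1; }
    # 3. Print identity and expiry for comparison with the registration data.
    printf '%s\n' "$cp_cert" | openssl x509 -noout -subject -issuer -enddate \
        || return 1
    # 4. Reject a certificate that expires within MIN_DAYS.
    printf '%s\n' "$cp_cert" \
        | openssl x509 -noout -checkend $((cp_days * 86400)) >/dev/null \
        || { echo "FAIL: certificate expires within $cp_days days"; return 1; }
    echo "OK: $cp_file"
}

# make_constructed_pfx DIR -> writes DIR/sample.pfx, a constructed self-signed
# bundle valid for 90 days. For dry runs of check_pfx only; it is not a
# Freja eID certificate.
make_constructed_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=constructed-test-client" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null \
    && openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.pfx" -passout env:PFX_PASS
}

# Usage: PFX_PASS='...' sh check_pfx.sh client.pfx 30
if [ "$#" -ge 1 ]; then
    check_pfx "$@"
fi
```
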
Add server certificate
See "Add certificate authority" in the Add certificates in Digital Access article.
Client certificate and server certificate are configured to secure the communication between Digital Access component and the Freja service.
Add extended properties
A user with the same email address or social security number as the one in Freja eID must be available in the Digital Access component.
Follow these steps:
In Digital Access Admin, go to Manage System > Authentication Methods.
Select the Freja method that you configured before.
Go to the Extended Properties tab.
Click Add Extended Property...
Define the Value of the User attribute. The value is the attribute name in the AD that contains the user id.
For Freja eID it is the attribute for the email address.
For Freja eID+ it is the attribute name for the SSN.
A user storage must be connected in order to map the SSN to any user storage attribute (AD attribute).
Click Add.
Click Finish Wizard and then click Publish.
Add user attributes to return
After successful authentication, Digital Access can receive different kinds of user attributes from Freja. Use the Extended Attribute "Attributes to return" for this.
Follow these steps:
In Digital Access Admin, go to Manage System > Authentication Methods.
Select the Freja method that you configured before.
Go to the Extended Properties tab.
Click Add Extended Property...
Define the Value of the Attributes to return.
Click Help for list of available attributes.
Click Add.
Click Finish Wizard and then click Publish.
Options for Freja eID+
When you use level PLUS for Freja authentication, you will see two fields:
These Extended Properties options can be set:
In Digital Access Admin, go to Manage System > Authentication Methods.
Select the Freja method.
Go to the Extended Properties tab.
Click Add Extended Property...
Select a key, click the ?-sign for help:
Allow user not listed in any User Storage: used, for example, for a temporary user that is not included in Hybrid Access Gateway. Set the value to true (or false).
Force create user: a user is created in Digital Access component if it does not already exist.
Freja country code editable, true or false (for future releases)
Freja country code, add a value (for future releases)