11th September 2025
11th September 2025
Changes to Authentication System to increase security
To increase security for authentication and further protect data of users, Digital Iceland changes the Single Sign-On (SSO) in its Authentication Service.
From 23 September, single sign-on will no longer be automatically enabled for all users. Instead, institutions that have implemented the Ísland.is Authentication Service must select separately to activate single sign-on if they choose to do so.
How does the Authentication Service Work Today?
Single Sign-On allows users to log in at once and thus access multiple systems without further logins.
For example: a user logs in to My pages on Ísland.is but then can open in the same browser, e.g. Heilsuvera or Tax Administration's Service page, without re-authentication. This is called a single sign-on.
Reason for the change
The amendment is intended to ensure greater user safety since a possible security vulnerability has been identified which could affect the identification through single login. The amendment means that single sign-on will no longer be automatically enabled, but can be enabled by public bodies themselves.
Effects on public sector bodies
Organisations that do not wish to use single registration: no actions required
Organisations that wish to continue to use single sign-on for authentication: need to update those settings according to the guidelines
Impact on individuals and businesses
Users who use digital public services will feel that in some cases they have to log in again between systems.
In the example above, a user who has already logged on to My pages on Ísland.is will not be able to access Heilsuvera directly without re-authenticating.
Public entities are encouraged to examine the current usage of the Iceland.is Authentication Service and evaluate and decide whether they want to continue with a single login or not.
More information on the change can be requested via island@island.is