Authentication system

Listen

The Ísland.is authentication system is a secure way for people to log in to digital self-service solutions provided by government agencies, non-government organisations, and companies.

The authentication system is based on the notion that there is always an individual who identifies himself/herself with an electronic ID and will therefore not share a common account. The individual's identification is important for security and traceability.

The user can choose from three ways to identify with an electronic ID:

Electronic credentials by phone. See more about how to apply for an electronic identity card by phone.
With the identity app, it allows users to identify themselves in a convenient and simple way. This identification does not require an Icelandic phone card, which can be suitable e.g. for Icelanders abroad who no longer have an Icelandic phone card. See more about how to apply for the ID app.
Identification with card ID. The user connects the ID card to his computer and can thus log in. See more about how to apply for an ID on a card.

Once an individual has identified himself, the system retrieves the permissions the user has for the website he is logging on to. This allows the user to log on on behalf of:

Corporate entity. Information regarding signing authority is retrieved from Iceland Revenue and Customs.
Children. The parents and custody connections of their children are retrieved from Registers Iceland, which returns information regarding the children over whom they have custody.
Personal spokespersons for disabled individuals. Information is retrieved from a database developed by Digital Iceland and the Disabled People's Rights Centre.
The person who has given the authority. Users can empower other parties to view their data through My pages on Island.is. Those mandates are maintained in the framework of Digital Iceland.

To know more about logging in on behalf of others, read about the authorisation system.

Benefits for government agencies

Cost
The login service is free for organizations.

One of the goals of Digital Iceland is to create reusable core services for organizations and thereby increase the synergistic effect in the operation of the government's IT systems.

With a central login service, operation, maintenance and development are done in one place.

Single sign-on
With a single sign-on service, the user experience will be the best, as the user only needs to identify once and can retrieve their data from different organizations.

The user only needs to authenticate once and can navigate between sites that have implemented login services without logging in again for a certain period of time.

Security and traceability
The fact that the individual is always identified is important for security and traceability.

Organizations will therefore be able to control access to individual parts of their websites and verify the user and his access to their web services.

This gives organizations the opportunity to ensure that no one accesses data except those who truly have the right to access.

This also gives organizations the opportunity to audit log an action so that it is traceable to the person who performed it, when applicable.

What does a government agency need to do?

The Digital Iceland Login Service is operated as a subscription service (SaaS) at no cost to government agencies.

Agency submits an application for the Digital Iceland Login Service
After that the agency must provide technical information on the website to which the service is to be linked and access a test area in order to connect its website.
Digital Iceland provides technical advice for the implementation of the Login Service.

What role does Digital Iceland play?

Digital Iceland operates and maintains a login service and an authorisation system with 24/7 monitoring of implementations by our operators. Digital Iceland also provides technical assistance to the agencies in implementing the Login Service.

Technical information

The infrastructure of Digital Iceland's login service is hosted by AWS. Scalability is ensured by using the technology that the environment offers to scale when the load is high.

Security is, among other things, secured with encrypted data communication and foundations and all traffic for the login service goes through Straumurinn (X-road).

The system is monitored around the clock, but Digital Iceland places great emphasis on logging and monitoring in all development and operation.

The system is regularly scanned for vulnerabilities and has been taken out by a third party that specializes in security audits.

The system follows modern technology.

More technical information can be found on the development website of Digital Iceland.

Question and answer

When dealing with sensitive data, it is necessary to have a reliable service to verify individuals digitally. It must be certain that the person logging in and retrieving the information is truly who they say they are. With any kind of web key or "user name and password" that can pass between people, this security is not guaranteed. That's why society has turned to electronic IDs that ensure that you are you in the digital world and are equivalent to presenting an identity card.

It should be noted that 90% of citizens over the age of 18 have applied for electronic identity cards.

Electronic IDs come with a number of challenges because their premise is that the individual can identify himself with them without assistance.

This has the consequence that not everyone can apply for an electronic identity card.

Examples include individuals who cannot choose their own secret number, e.g. due to disabilities or children who simply do not have the maturity to use them. Another example of a challenge is Icelanders living abroad who have to come to the country to apply for an electronic identity card. And yet another example is the elderly who do not have the means to integrate themselves into the digital world, who still need to access digital services.

If individuals cannot identify themselves electronically, there needs to be a way for others to perform actions on their behalf in a secure and traceable manner. Therefore, Digital Iceland has worked to create an agency system where parties who have the right to do so can log in and handle cases on behalf of others in a traceable manner.

Authentication system

Table of contents

Login with electronic ID

Login on behalf of others

Benefits for government agencies

What does a government agency need to do?

What role does Digital Iceland play?

Technical information

Question and answer

Who uses the authentication system?

Why electronic IDs?

What about those who do not want or cannot use electronic IDs?

Why replace IceKey? Why is IceKey not safe?