More government institutions are adopting the DigiD log-in procedure and providing a suitable mobile app. DigiD is a safe log-in method but it comes at a cost in ease of use, especially if the user name and password have to be repeatedly typed in from a tablet or smartphone.
DigiD does not permit the user name and password to be saved in the browser for ease of log-in afterwards. From a security perspective this is a logical restriction. But how does it work with mobile applications? Consumers do not want to start up a mobile app then enter a user name and password each time they log in.
Your company is one of the following: Government department, The Belastingdienst (Dutch tax office), Gemeenten (city municipalitie) and their partners, Pension fund, The Dutch police, Dutch province, Regional water board, Healthcare provider (including pharmacies), Health insurance company and you want to offer consumers a way to log in to your apps using the digital identification (DigiD) issued by the Dutch government?
With Onegini for DigiD your users can log in safely from their mobile device with, optionally, a PIN code. Your customers complete a one-time registration process and then have secure access to your services. After registration the end user can log in easily with a PIN. Onegini runs security checks to prevent misuse or unauthorized access.
We offer a total solution that easily integrates with your current IT infrastructure. Our solution is continuously tested, audited and improved. Trusted solution by many big brand names for protecting their mobile applications and keeping their sensitive data safe.
DigiD does not permit the user name and password to be saved in the browser for ease of log-in afterwards. From a security perspective this is a logical restriction. But how does it work with mobile applications? Consumers do not want to start up a mobile app then enter a user name and password each time they log in. Onegini Mobile Login offers a solution that is already widely used in the market.
The unique point about this solution is that the mobile app no longer knows who the end user is. This information remains within your organisation. After connecting the device and choosing a PIN code the end user can log in easily with a PIN, Onegini runs security checks to prevent misuse or unauthorized access.
Basically the Onegini Mobile Security Platform is responsible for token management tasks such as issuing, revoking, granting of access, and prevention of misuse. Each registration of a new device is stored in Onegini so that you can see how it is being used. This also allows organization wide (de)activation of a specific device.
The prevention of identity fraud is a complex process that many organizations do not implement. With Onegini you benefit at once from features which are delivered as standard. Onegini logs all events concerning log-in and authorization in an operations data store. These events are analyzed in real-time by our risk-based engine which looks for signs of possible misuse.
Onegini offers the facility to demand further authentication from the end user in the light of certain events or analyses. This can be done with, for example, an SMS (text), a TAN code, or a PIN code. Only then is the user granted access. Moreover, it is possible to immediately “disconnect” the device. This is essential in the event of a device being stolen.
All activities to do with logging in, such as connection of the device, logging in, and the management of tokens, are logged. This forms the basis for your organizations monitoring dashboard. It also makes you compliant with the legal requirements for audit-trails.
An extensive management console is provided for the configuration and administration of the system. From here, administrators can carry out configuration tasks, study event logs, and manage users. Onegini supports various roles including operators, help-desk workers, and administrators, each with their own set of privileges.
Onegini offers an extensive set of management and user APIs which are simple to integrate into your own applications or mobile apps. Using this you can for example decide whether end users may disconnect a trusted device.