Idura Verify overview - How it works - Idura Verify Documentation
IduraDocumentation
  1. Verify
  2. How it works
  3. Idura Verify overview

Idura Verify provides eID (Electronic Identity) authentication as a service.

An eID is a digital identity tied to a natural person(a living, individual human being). Examples of eIDs include Danish MitID, Swedish BankID, and Dutch iDIN. An eID can be used for authentication and, in most cases, for digitally signing legal documents.

An eID is different from traditional social logins like Google or Facebook. While anyone can create a social account under any name, an eID guarantees a legally verified identity. Generally, an electronic identity lifecycle has three main phases:

  1. Enrollment: The physical verification of the user's legal identity and the subsequent issuance of a digital identity.
  2. Active use: The day-to-day authentication of the user as the verified holder of the issued digital identity.
  3. Archival: The termination of the active use of electronic identity for authentication. The identity details are maintained for future reference (e.g., for legal dispute resolution).

Why use Idura Verify?

You will generally want to use Idura Verify in one of these scenarios:

  • Regulatory compliance (KYC/AML): You have strict regulatory requirements to verify the legal identity of your users. An example is Anti-Money Laundering (AML) regulation in the financial sector.
  • Fraud prevention: You develop e-commerce solutions and need to identify customers as part of your fraud reduction and mitigation activities.

A single integration point for multiple eIDs

At Idura, our goal is to give developers an easy path to using eID services without having to become security experts. Idura Verify acts as a technical abstraction layer. You can connect an application written on any stack to Idura Verify, and we handle the country-specific eID integrations. This means you don't have to worry about the underlying technical changes of each specific provider. (Note: To go live in Production with an eID, you will typically need to set up a formal relationship with the relevant bank or government body in each country).

Which industry standards do we use?

At its core, Idura Verify is based on the premise of federated authentication. This means you delegate the complex authentication process to our external service rather than building it directly into your application.

Because we leverage widely adopted industry standards, you can build your application once, and we ensure it remains secure and compatible as identity services evolve. We use:

  • OAuth 2.0 (Open Authorization): An authorization standard that allows a user to grant a site limited access to their resources without exposing their credentials.
  • OpenID Connect (OIDC): An identity layer that sits on top of OAuth 2.0. It allows your application to securely verify the user's identity and retrieve basic profile information.
  • JSON Web Tokens (JWT): An open standard that defines a compact, self-contained, and cryptographically secure way to transmit information between parties.