3 Types of MitID Business Logins (+Examples)
What are the three types of MitID Business logins?
In our post about getting started with MitID Erhverv, we discussed its functionalities, advantages over the old system, and the necessary steps to get your organization ready for it.
Today, we’ll cover the three types of MitID Business logins:
- Management representative
- MitID Erhverv: Citizen with professional identity
- MitID Erhverv: Separate professional identity
Each login type caters to different organizational needs.
Let’s look at the use cases for all three types, the slight variations in the user experience, and examples of user data available for each login method.
1. Management representative
If you represent an association or own a sole proprietorship / smaller personal company (PMV), you don’t have to connect to MitID Erhverv.
Instead, you can act as a management representative (“ledelsesrepræsentant” in Danish), using your private MitID to sign documents and enter into agreements on behalf of your company or association.
To act as a management representative, you must be registered in the Central Business Register (CVR). In many cases, majority owners of the company use this option. Alternatively, an organization can register an individual as its designated representative.
The image below shows an example of the login experience for an individual registered as a management representative with two different companies.
After entering their personal MitID user ID and approving the login (e.g. with the MitID app), the user is given the option to log in as management of the companies they’re affiliated with.
* It’s also possible to add an option to log in as a private individual. With Criipto Verify, this can be configured per application in an authorize request.
Example: JWT token contents for management representatives
When logging in as a management representative, the resulting JWT token will contain the following claims:
{
"identityscheme": "dkmitid",
"nameidentifier": "0f9960a0d28d4353a3e2ea07f8ffa185",
"sub": "{0f9960a0-d28d-4353-a3e2-ea07f8ffa185}",
"uuid": "74ffcd31-fbaf-4c33-bdac-169f25c1e416",
"cprNumberIdentifier": "2101270087",
"birthdate": "1927-01-21",
"age": "93",
"name": "Paiman Petersen",
"cvrNumberIdentifier": "12345679",
"2.5.4.10": "Et eller andet IVS nr. 12345679",
"companySignatory": "true",
"country": "DK"
}
In addition to the standard MitID claims issued when an individual logs in with their private credentials, the token will include:
- cvrNumberIdentifier is a Danish Business Registry Number (CVR Nummer)
- 2.5.4.10 is the name of the company
- companySignatory is set to true when a person is authorized to enter legal agreements on behalf of the company
2. MitID Erhverv: Citizen with professional identity
A company must connect to MitID Erhverv if its employees need to act digitally on its behalf, such as reading the organization’s digital mail, reporting illness, or logging into public self-service solutions.
Employees with a registered professional identity will have the option to use their personal MitID to log in as professional user connected to their company:
Example: JWT token contents for citizens with professional identity
When logging in as a professional user, the resulting JWT token will contain the following claims:
{
"identityscheme": "dkmitid",
"nameidentifier": "159d89fca2db4300a52ab7865f7b1ff3",
"sub": "{159d89fc-a2db-4300-a52a-b7865f7b1ff3}",
"uuid": "3c6d9757-1e70-438a-8dd3-5f84398c2e25",
"cvrNumberIdentifier": "91964632",
"2.5.4.10": "Testorganisation nr. 91964632",
"name": "Asger Henriksen",
"country": "DK"
}
- cvrNumberIdentifier is a Danish Business Registry Number (CVR Nummer)
- 2.5.4.10 is the name of the company the individual is connected to
- Please note that the sub, nameidentifier, and uuid values here will differ from the corresponding private citizen MitID login
3. MitID Erhverv: Separate professional identity
Companies also have the option to create a separate professional identity for an employee. This approach makes sense when an individual prefers not to use their personal MitID for business purposes or when an organization requires employees to use separate professional identities.
It's important to note that having several users in the same MitID app will disable biometrics within the app. This leaves two options:
- Users with both personal and professional MitID identities should use a PIN code instead of face ID or fingerprints
- Companies should have a dedicated device for each MitID user
The login experience for users with separate business identities is the same as when using a personal MitID. The only difference is that they will use their business MitID credentials (user ID and means of identification, such as MitID app) instead of personal ones.
Private MitID vs. MitID for professional use
When using your private MitID for business purposes, you use the same MitID credentials for both personal and professional logins.
With a separate professional MitID, you maintain a separate user ID for business-related activities.
How to request a business MitID login in your application
Developers can request a business login by sending a login_hint=business
or login_hint=business_optional
query parameter in the authorize request. login_hint=business
enables logging in as a business user.
login_hint=business_optional
gives the option to log in as a private individual or a business user, depending on CVR registrations.
What is the best login solution for your company?
Choosing the optimal business login solution depends on your specific requirements.
For smaller companies and associations, owners or representatives can use their private MitID to act digitally on behalf of the company. The “management representative” option is well-suited for this scenario.
Larger organizations may need MitID Erhverv for employees to perform digital actions. In this case, the company can give employees the choice of using their personal identity in a business context or register a separate business identity.
No matter the option you choose, MitID offers a secure and efficient solution for businesses and organizations.
Criipto Verify lets you seamlessly integrate MitID into your application. If you require further assistance or have any queries, please do not hesitate to contact us on Slack or by email.