ID Austria - Login with OpenID Connect

The ID Austria (eID) is the successor to the mobile phone signature and the key to secure digital services. ID Austria is the Austrian variant of the eID, which can be used within Austria to register with official services and private companies based on the eIDAS regulation.

In the coming months, ID Austria will be successively integrated into the eIDAS system in all EU and EEA countries as an additional registration option and will be available to users. An eIDAS registration using ID Austria is only possible if strong authentication is used, for example using smartphone and biometrics.

You can test how the login with ID Austria works by registering with the service provider Ventum (digitalidentity.at) using OpenID Connect.

Disambiguation

Authentication: Authentication means verifying that the user requesting access is the rightful owner of that identity. Well-known methods of authentication are e.g. passwords or biometrics.

Authorization: Granting a user access to an application, considering specific access rights. For example, user A is only allowed to view data, while user B is allowed to view and change data.

OpenID Connect: OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 authorization framework. With OIDC it is possible not only to authorize users (= grant access), but also to let the service provider authenticate the user.

Identity provider: An identity provider provides information about a user to an application (of the service provider). In the current use case, the identity provider is “ID Austria”. The identity provider provides the service provider Ventum with information about the user who wants to register or log in to the website https://digitalidentity.at/.

Service Provider: An application that offers the user certain services or features. In the current use case, the service provider is Ventum and makes various features available to the user on the website https://digitalidentity.at/.

User (Identity): a person with an account at an identity provider who wants to register or log in to a service provider through the involvement of the identity provider. Subsequently, the user gets access to the services of the service provider. In the current use case, the user “XXXOtto XXXOttakringer” (first and last name of the test identity) wants to register on the website https://digitalidentity.at/ in order to subscribe to blog posts.

Step 1: Register with Identity Provider

In practice, this step takes place by registering with an authority, e.g. district authority or municipal district office. Details can be found at oesterreich.gv.at.

For the current use case, the username and password of one of the predefined test identities can be used: eid.egiz.gv.at/anverbindungen/testidentitaeten/.

Step 2: Register or login with the service provider

Click on the “Login with OpenID Connect” button at the end of the blog post.

Registration and login both work via the “Login with OpenID Connect” button. The website checks whether an account already exists.

  • Account not available: register user
  • Account available: log in user

Click the “ID Austria Login” button

Enter the access data of the user ‘SP-4311343354’

After clicking on "identify" you are logged in and can, for example, edit the profile.

Note: when registering with a test user, no multi-factor authentication is required. Registration with a real user would require additional authentication via the “Digitales Amt” app.

Because this is a test use case that is only intended to demonstrate the functionality of an ID Austria authentication, the rights of the user on the website are severely restricted.
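What the service provider has to do behind the “Login with OpenID Connect” button, as an added example (not Ventum's or ID Austria's code): once the ID token's signature has been verified, check its claims, then register or log in the account keyed on issuer and subject. The issuer URL, client ID and function names are placeholders chosen for this sketch.

```python
import hmac
import time

ISSUER = "https://idp.example"     # placeholder, not the real ID Austria issuer
CLIENT_ID = "example-sp-client"    # placeholder client_id of the service provider


class TokenRejected(Exception):
    """Raised when an ID token must not be accepted."""


def check_claims(claims, expected_nonce, now=None, leeway=60):
    """Validate ID token claims. Assumes the token signature was already
    verified against the identity provider's published keys."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise TokenRejected("unexpected issuer")
    aud = claims.get("aud")        # OIDC allows a string or a list of strings
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if CLIENT_ID not in audiences:
        raise TokenRejected("token was not issued for this service provider")
    if len(audiences) > 1 and claims.get("azp") != CLIENT_ID:
        raise TokenRejected("authorized party mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise TokenRejected("token expired")
    nonce = claims.get("nonce")    # must equal the value stored in the user's session
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), expected_nonce.encode()):
        raise TokenRejected("nonce mismatch (possible replay)")
    if not claims.get("sub"):
        raise TokenRejected("missing subject")


def register_or_login(claims, expected_nonce, accounts, now=None):
    """Return ("registered" | "logged_in", account) for a validated login."""
    check_claims(claims, expected_nonce, now)
    # (iss, sub) is the stable identifier; names or e-mail addresses can change
    # or collide across providers and must not be used as the account key.
    key = (claims["iss"], claims["sub"])
    if key in accounts:
        return "logged_in", accounts[key]
    accounts[key] = {"display_name": claims.get("given_name", "")}
    return "registered", accounts[key]
```
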

The advantages of ID Austria in everyday life are diverse. In the foreseeable future it will be possible to register with a large number of service providers (government and private companies) without having to laboriously create a new account with a password for each service provider. Each additional account with a password represents a security risk and a potential target for attackers, because passwords are frequently reused.

Using social logins (Google, Facebook, Apple, LinkedIn etc.) it is currently technically possible to log in to many service providers. However, social logins are poorly suited, or not suited at all, to authentication processes at service providers that are subject to strict legal requirements (PSD2, KYC). Taking out insurance or taking out a loan will generally not be possible with a social login. ID Austria is the solution for service providers who want to provide existing and potential customers with a secure and user-friendly login. Ventum will be happy to support you in the analysis, planning and implementation of the introduction of ID Austria in your authority or company.

Additional information

Information on the opinion of the eIDAS cooperation network

List of all (pre-)notified eID (ID Austria status has not yet been updated)