Summary

This document will present a technical overview how PhenixID Authentication Services and PhenixID Signing Services can be used in scenarios with SITHS, Myndighets CA, Telia, EFOS or other Certificate Authority.

Background

Many organizations rely on a certificate, issued by a trusted Certificate Authority (CA), as the identity bearer. This certificate can then be used to authenticate to various systems and to sign documents and electronic transactions.

The physical bearer of the certificate may be a smart card, a mobile app, hardware tokens such as yubico or simply a protected file on the desktop/laptop/tablet/mobile.

Swedish examples of trusted Certificate Authorities are SITHS, Myndighets CA, Telia and EFOS.

PhenixID Authentication Services

Mutual TLS authentication

These documents explain how to add mutual TLS authentication as an authentication method to PhenixID Authentication Services:

• SAML IdP
• OpenIDConnect Provider
• Local authentication (internal web app protection, such as enrollment protection etc) or API

Out-of-band authentication – PhenixID OneTouch

These documents explain how to add PhenixID OneTouch as an authentication method to PhenixID Authentication Services:

• SAML IdP – use step-by-step-scenario
• OpenIDConnect Provider – setup SAML IdP with OneTouch and then use this instruction
• Local authentication (internal web app protection, such as enrollment protection etc) or API

Out-of-band authentication – NetID Access

These documents explain how to add NetID Access as an authentication method to PhenixID Authentication Services:

• SAML IdP
• OpenIDConnect Provider
• Local authentication (internal web app protection, such as enrollment protection etc) or API

External authentication provider

These documents explain how to add an external authentication provider (for example SAMBI, eIDAS) as an authentication method to PhenixID Authentication Services:

• SAML IdP (see this link about the connection to the eidas federation)
• OpenIDConnect Provider
• Local authentication (internal web app protection, such as enrollment protection etc) or API

Radius authentication

Use PhenixID Authenticaton Services with EAP/TLS for Radius clients. Please contact us for more information.

PhenixID Signing Services

Local (direct) signing – PhenixID OneTouch

Signing transactions (text)

This document explains how to setup PhenixID Signing Services (API) to be used with PhenixID OneTouch as the signing method (for local signing).

Local (direct) signing – NetID Enterprise (Telia, SITHS, MyndighetsCA, Other CA)

Signing transactions (text)

This document explains how to setup PhenixID Signing Services (API) to be used with NetID Enterprise as the signing method (for local signing).

Local (direct) signing – NetID Access (Telia, SITHS, MyndighetsCA, Other CA)

Signing transactions (text)

This document explains how to setup PhenixID Signing Services (API) to be used with NetID Access as the signing method (for local signing).

Federated (indirect) signing – PhenixID OneTouch

Signing transactions (text)

Follow this document. Then change the Signature method to this.

Signing documents (pdf)

Follow this document. Then change the Signature method to this.

Federated (indirect) signing – NetID Enterprise

Signing transactions (text)

Follow this document. Then change the Signature method to this.

Signing documents (pdf)

Follow this document. Then change the Signature method to this.

Federated (indirect) signing – NetID Access

Signing transactions (text)

Follow this document. Then change the Signature method to this.

Signing documents (pdf)

Follow this document. Then change the Signature method to this.

Federated (indirect) signing – External provider

Signing transactions (text)

Follow this document. Then change the Signature method to this with this identity provider.

Signing documents (pdf)

Follow this document. Then change the Signature method to this with this identity provider.