THE SMART WAY OF MANAGING ROLE-BASED IDENTITIES

Freja is the first mobile e-ID approved for the state quality mark ‘Svensk e-legitimation’ as an e-ID for employees. But that is just one of many uses for Organisation eID.

WHAT IS FREJA ORGANISATION eID?

In Freja eID you can add an Organisation eID (OrgID), which is based on the user’s role in your organization. It can be used as an employee ID, member ID, customer ID and in other situations where you want to link a specific attribute to your users. This lets you identify a user without exposing personal data in the transaction, and manage the life cycle of your users and their associated attributes.

OrgID is based on the strong, personal identities issued by Freja eID. This means that we are responsible for the original identity verification of the users. You choose whether you want the users to be verified with an ID document (Extended) or whether they must have an approved LOA3 identity (Plus, for Swedish users only). With a verified identity at the core, your organisation issues its own ID in Freja, with the organisation’s own attributes and with its own life cycle management.

HOW CAN IT BE USED?

Freja OrgID can be used in the same way as the user normally uses an e-ID; for login, electronic signatures and in all other contexts where a digital identification is needed. The difference is that it is not a personal attribute that forms the basis for the identification, but an attribute linked to the organisation.

Freja OrgID also works in physical contexts. With biometrics or PIN, the user opens the ID screen where the name, photo, organizational attribute and affiliation are displayed. Freja can thus replace plastic cards and other physical service credentials.

FOR INTERNAL AND EXTERNAL SERVICES

Freja OrgID works for internal systems and services and external cloud services. Freja is, for example, integrated with cloud services such as Office 365 and Azure from Microsoft. This means that you can easily increase security in those systems with secured identities of the users. Freja can also be used to identify users in Teams meetings. If you use Azure AD together with Freja, via our IdP, you can use Freja for thousands of cloud services that support federated login via Azure.

Watch the video that shows how easy it will be for the user to log in with a secure, approved Swedish e-identification for Office 365.

Freja OrgID can also be used between different organisations, provided that each organisation handles the ID attribute issued to the user.

SERVICE ID ON SHARED DEVICES

If you have a pool of mobiles or tablets that are shared among the staff, you have probably run into the problem of how a user should identify themselves on a shared device. Freja eID has the solution.

With the shared devices feature, an employment ID issued to the user’s Freja eID – via Organisation eID – can be added to any pool phone, while maintaining security and trust level. Employee identification is then available on the pool phone and the user can identify themselves to both mobile and web-based apps and e-services.

Only the user’s employee ID will be available in the pool phone, not the personal eID. When the user has finished the work shift, he or she logs out of Freja eID on the pool phone, or the session ends after 8 hours. For security reasons, biometrics are turned off on shared devices and the user must use their PIN to approve transactions in Freja eID.

TECHNICAL OVERVIEW

To keep the private and role-based e-ID separate, we have a dedicated API to integrate with for Freja OrgID. The integration is simple, and you can read more about it in the technical documentation. You can integrate directly with us or via an integration partner. Several of our partners support OrgID, which means that you can get started quickly; you can read more about them on our partner page. If you use an integration partner that is not on the list, contact us and we can assist them in integrating support for Freja eID.

How does user on/off-boarding work?

Your organization has control over the entire life cycle and is responsible for issuing the role-based identity. Freja is responsible for issuing the personal e-ID that forms the basis for the identity and attributes you later add.

You handle on- and off-boarding via our Organisation eID REST API, which gives you great flexibility in how you connect it with your AD or other systems. Our customers have chosen to solve on- and off-boarding in slightly different ways depending on their conditions, and we are happy to advise on how you can most easily create an efficient flow. Several of our integration partners have ready-made flows for this that you can use, and we can also help your integration partner set up a flow if you wish.

When you issue an Organisation eID, the user must approve this with their personal e-ID. You define which attributes you want to add and the design of your organisation’s eID with logo and descriptions. When a user leaves your organization, you end the OrgID via our API and the user is then immediately disconnected and no longer has access to the systems and services that were connected to Freja.

Which attributes can we add to OrgID?

You decide which attribute to use to identify your users in Freja OrgID. The only requirement is that each user must have a unique attribute. In addition to the user attribute, you also add your organization name and the name you want to give your OrgID.

How many OrgIDs can be added?

There are no restrictions on how many OrgIDs a user may have linked to their Freja account. There can be one for an employment ID, another for a member ID and a third for a loyalty ID. However, there is currently a limitation in that an organisation can only issue one OrgID per user. If you need more, please contact us.

AGREEMENTS AND LEGAL QUESTIONS

Agreement form and price

Freja OrgID is subscribed for a predetermined number of users over a contract period of at least 12 months. The price is fixed per month for the agreed number of users and includes unlimited use for all available services, without any per-transaction cost. Invoicing is done quarterly or annually, in advance.

In addition to the obvious administrative and procedural advantages of having a separate e-ID for, for example, employee identification, there are strong legal reasons to choose Freja OrgID. To begin with, many employees perceive it as a breach of privacy to have to use their private e-ID at work. In addition, there is a great risk of breaching the GDPR if personal data about third parties is handled when an employee uses a private e-ID for work-related transactions.

This is because in the personal e-ID, the user’s consent forms the basis for the handling of personal data. As a consent can never include someone else’s personal data, third-party data cannot therefore be handled in the personal e-ID.

Personal Data Processing agreement

When you sign an agreement for Freja OrgID, a personal data processing agreement is also signed. This means that you as a relying party will be the personal data controller for the data handled in the role-based e-identification and Freja acts as a personal data processor.

Other legal questions

As Freja OrgID is a solution for legal and regulatory compliance as much as for technical and user-related issues, we have compiled a number of questions and answers on the subject.

GET STARTED

You can easily test Freja OrgID by obtaining a test certificate for access to our test environment.

Send an email to onboarding@frejaeid.com and we will help you get started. You can also visit our developer section on the website for more information and documentation about our APIs.

If you want to know more about the commercial terms, please contact mikael.emmet.johansson@frejaeid.se or call +46 708-13 21 59.