By making the right choices during provisioning, organisations can establish consistent and secure identity management that meets their requirements for authentication and access control. In this article, we explain the key points to consider.
1. Ensure That the User Has the Required Level of Assurance in Freja eID
Before Freja OrgID can be issued, the user must have reached the level of assurance required by the organisation in their personal Freja eID. Organisations can choose to require that the user’s eID is either Freja Extended or Freja Plus.
The organisation therefore needs to ensure that the user has already verified their identity in Freja eID at the level that corresponds to the requirements for the relevant workplace digital identity.
If the user has not reached the required level of assurance in Freja eID, provisioning cannot be completed according to the organisation’s requirements.
2. Choose the Right Level of Assurance for Freja OrgID During Provisioning
During provisioning, the issuing organisation specifies the level of assurance at which Freja OrgID should be issued. This is done by setting a parameter that defines whether the organisation issues its workplace digital identity at Extended or Plus level.
The selected level then becomes the level of assurance associated with the user’s Freja OrgID.
It is important to note that if no level of assurance is specified during the provisioning process, Freja OrgID will automatically be issued at the Extended level.
Organisations should therefore always make an active choice regarding the level of assurance in their provisioning process to ensure that the workplace digital identity is issued in line with the organisation’s security requirements.
3. Align Authentication Requirements in Your Services
The level of assurance must also be considered when the user authenticates to the organisation’s services. When configuring authentication, the organisation can specify which level of assurance is required to access a specific service or function.
For example:
- A user is assigned a Freja OrgID at Plus level.
- The organisation configures a sensitive business service so that authentication requires Plus.
- Only users with a Freja OrgID that meets this requirement can log in to the service.
This creates an uninterrupted chain of trust between the user’s identity verification, the issued workplace digital identity, and the services the user is allowed to access.
A Continuous Chain of Trust
To ensure correct and secure use of Freja OrgID, organisations should verify three things:
- That the user has the required level of assurance in their personal Freja eID.
- That the correct level of assurance is specified when provisioning Freja OrgID.
- That the organisation’s services apply authentication requirements that correspond to the issued level of assurance.
When these three elements are aligned, organisations create consistent and secure identity management. Users receive the correct level of access, and the organisation can trust the identity presented during authentication.
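The three checks above can be run as a pre-provisioning audit. The following is an added example, not code from Freja or from its documentation: the record layout, the level strings, the policy_level argument and the rule that the eID level must be at least the OrgID level are assumptions made for illustration, and the sample data is constructed.

```python
"""Audit that eID, OrgID and service assurance levels line up (added example)."""
from dataclasses import dataclass
from typing import Optional

# Ordering of the two levels named in the article; Plus is the stricter one.
RANK = {"EXTENDED": 1, "PLUS": 2}
DEFAULT_ORGID_LEVEL = "EXTENDED"  # issued when provisioning specifies no level


@dataclass
class ProvisioningRequest:  # hypothetical record, not Freja's API schema
    user: str
    eid_level: str                  # level reached in the personal Freja eID
    requested_level: Optional[str]  # None = parameter omitted at provisioning
    services: tuple                 # names of services the user must reach


def effective_level(req):
    """Level the OrgID ends up with, applying the Extended default."""
    return req.requested_level or DEFAULT_ORGID_LEVEL


def audit(req, policy_level, service_requirements):
    """Return a list of findings; an empty list means the chain is aligned."""
    findings = []
    issued = effective_level(req)
    if req.requested_level is None:
        findings.append("level omitted: OrgID defaults to EXTENDED")
    if RANK[issued] < RANK[policy_level]:
        findings.append(f"OrgID issued at {issued}, policy requires {policy_level}")
    if RANK[req.eid_level] < RANK[issued]:  # assumed rule: eID must back the OrgID
        findings.append(f"eID at {req.eid_level} cannot back OrgID at {issued}")
    for name in req.services:
        needed = service_requirements[name]
        if RANK[issued] < RANK[needed]:
            findings.append(f"{name} requires {needed}, OrgID is {issued}")
    return findings


# Constructed sample data: per-service requirements and three requests.
SERVICES = {"payroll": "PLUS", "intranet": "EXTENDED"}
REQUESTS = [
    ProvisioningRequest("alice", "PLUS", "PLUS", ("payroll", "intranet")),
    ProvisioningRequest("bob", "PLUS", None, ("payroll",)),
    ProvisioningRequest("carol", "EXTENDED", "PLUS", ("intranet",)),
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r.user, audit(r, "PLUS", SERVICES) or "aligned")
```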
For more detailed information, please refer to the Freja OrgID documentation.
