Knogin
[Developers]

Auth: eIDAS / EUDI European Identity Integration

A European border agency officer needs to access a cross-border operations portal from their national workstation. Rather than maintaining a separate credential, they authenticate once using their government-issued natio

Back to All Modules
Category: Data IntegrationLast Updated: May 26, 2026
data-integrationblockchaingeospatial

Overview#

A European border agency officer needs to access a cross-border operations portal from their national workstation. Rather than maintaining a separate credential, they authenticate once using their government-issued national eID, routed through their country's eIDAS node. The platform verifies the identity assertion, confirms the Level of Assurance meets the required threshold, and issues a session token scoped to the officer's organisation and clearance level. No separate registration is needed, and the authentication event is recorded in the immutable audit trail.

This module integrates with the eIDAS (Electronic Identification, Authentication and Trust Services) regulatory framework and the emerging European Digital Identity (EUDI) Wallet infrastructure. It enables citizens, officials, and professionals across EU member states to authenticate using state-issued credentials, achieving High Level of Assurance (LoA High) as defined in the eIDAS implementing acts. Qualified Electronic Signatures (QES) are also supported, giving digitally signed authorisations the same legal standing as handwritten signatures under EU law.

Key Features#

  • National eID Authentication: Accepts authentication assertions from all EU member-state national eID schemes notified under the eIDAS regulation, routed through interoperable eIDAS connector nodes.
  • EUDI Wallet Support: Implements the OpenID for Verifiable Presentations (OpenID4VP) and OpenID for Verifiable Credential Issuance (OpenID4VCI) protocols to accept credentials from EUDI Wallet-compatible applications conforming to the Architecture Reference Framework (ARF).
  • Qualified Electronic Signatures: Supports QES verification in line with eIDAS Article 25, enabling legally binding digital authorisations without requiring wet signatures or physical presence.
  • High Level of Assurance: Enforces LoA High for sensitive operations and LoA Substantial for lower-risk workflows, as defined in Commission Implementing Regulation (EU) 2015/1502.
  • Cross-Border Interoperability: Works across all EU member states via the eIDAS interoperability network, enabling seamless access for officials and citizens regardless of their country of origin.
  • Attribute Mapping and Normalisation: Translates identity attributes from member-state assertions (given name, family name, date of birth, unique identifier) into a consistent internal identity profile linked to the user's organisation record.
  • Immutable Audit Trail: Every authentication event, including the asserted LoA, originating member state, and resolved identity, is logged to the tamper-evident audit trail to support regulatory accountability and forensic review.
  • Session Scoping and Clearance Binding: Sessions established via eIDAS or EUDI Wallet authentication inherit the user's organisational scope and security clearance level, ensuring all downstream access controls apply consistently.

Use Cases#

  • Citizen Access to Public Services: Enables EU citizens to access cross-border public service portals using their national eID without registering a separate account.
  • Cross-Border Administrative Workflows: Allows officials from different EU member states to collaborate on shared operational platforms while each authenticating via their own national identity infrastructure.
  • Legally Binding Digital Authorisations: Supports the issuance and verification of Qualified Electronic Signatures for approvals, warrants, and administrative decisions that require legal enforceability under EU law.
  • EUDI Wallet Credential Verification: Accepts verifiable credentials stored in EUDI Wallet applications, including professional qualifications, driving licences, and organisational affiliations, for attribute-based access control decisions.
  • Defence and Security Sector Identity Federation: Provides a high-assurance authentication path for multi-national operational environments where each participating nation retains sovereignty over its own identity infrastructure.

Integration#

The module connects to national eIDAS connector nodes using SAML 2.0 protocol bindings and integrates with EUDI Wallet infrastructure via OpenID4VP and OpenID4VCI. It operates as an additional authentication method alongside the platform's existing OpenID Connect identity provider, allowing organisations to configure which authentication paths are available to their users. Organisations deploying in multi-national environments can enable eIDAS authentication per country, with attribute mapping rules configured at the organisation level to align national identity attributes with local role and clearance assignments.

Open Standards#

  • eIDAS Regulation (EU) No 910/2014 and eIDAS 2.0 (EU) 2024/1183: The core legal and technical framework defining electronic identification, authentication, and trust services across EU member states, including the Level of Assurance scheme this module enforces.
  • SAML 2.0 (OASIS): The Security Assertion Markup Language profile used by national eIDAS connector nodes to exchange signed identity assertions between member-state identity providers and relying parties.
  • OpenID Connect Core 1.0 (OIDC): Used for identity federation and session establishment after successful eIDAS or EUDI Wallet authentication, integrating with the platform's existing token-based session infrastructure.
  • OpenID for Verifiable Presentations (OpenID4VP, draft IETF): The protocol used to request and receive verifiable credential presentations from EUDI Wallet applications, enabling attribute-based access decisions.
  • OpenID for Verifiable Credential Issuance (OpenID4VCI, draft IETF): Supports the issuance of platform credentials to EUDI Wallet applications where the platform acts as a credential issuer.
  • ISO/IEC 18013-5 (mDL / mdoc): The mobile document encoding format used by EUDI Wallet credentials, ensuring interoperability with ISO-compliant identity documents such as mobile driving licences.
  • W3C Verifiable Credentials Data Model 2.0: The underlying data model for credentials exchanged via the EUDI Wallet infrastructure, providing a standard representation for identity attributes and their cryptographic proofs.
  • ETSI EN 319 132 (XAdES) and ETSI EN 319 122 (CAdES): European standards for advanced and qualified electronic signatures, used when verifying QES-signed documents and authorisations submitted through this module.

Availability#

  • Enterprise Plan: Included
  • Professional Plan: Available as an add-on for organisations operating in EU-regulated environments requiring eIDAS-compliant authentication.

Last Reviewed: 2026-05-26

Ready to Build?

Get started with our APIs or contact our integration team for support.