Development

NSIS solutions

NSIS solutions for the private and public sectors, including finance, insurance, state and municipality

In 2021, NemID will be replaced by MitID, whilst employee signatures (MOCES) are set to be replaced by corporate identities. At the same time, The Danish Agency for Digitisation will introduce a number of new requirements for IT user authentication, which are set out in the so-called NSIS standard. This means that you will have to assess how your existing access and user management solutions need to be adjusted to fit the new public infrastructure.

Globeteam’s NSIS solutions are adaptable, meaning we can come up with a solution that fits your specific needs – regardless of whether that is on site or in the cloud. You can choose to start small, with a basic IdP solution that solves some of the challenges related to NSIS, and can be expanded upon at a later stage if your needs change. Or, you can choose to go with an extended solution now that digitalises all NSIS processes and provides full compliance with the standard. We can also assist you in the larger compliance work involved in the solution.

The National Standard for Identity Assurance Levels (NSIS) sets out several new requirements that you as an organisation will need to adhere to if you either use or offer digital self-service solutions for corporate users. These same requirements will apply to self-service solutions for citizens by the end of 2021 or early 2022, when the switch from NemID to MitID is made.

Therefore, the first and most important thing you will need is an overview, detailing what it will take for you to be compliant with the standard, and highlighting the best way to approach the task. We offer an NSIS analysis where we work with you, mapping the best possible path to compliance with the standard.

But what exactly is NSIS?

NSIS is the Danish version of the EU eIDAS regulation, whose objective is to create a common framework of trust for digital identities, and it affects all public systems within digital identity services. This includes health, tax, courts, finance and insurance sectors, citizens’ services, among others, and any of us who have to access the systems will be subject to this new standard. It requires that identities and application users be verified at one of three levels: low, substantial or high. This will take place by establishing a local IdP for authentication.

Why use a local IdP or IdM?

Today, you use employee signatures that might be managed locally at your premises via the so-called “local signature server solution” (LSS). However, employee signatures will no longer be in use, and so you will have to switch to another method of setting up and authenticating your (corporate) users against public IT systems.

You could choose to either administer the users directly in the new common public NemLog-in solution, which will also be responsible for handling corporate identities in the future. This means that everything will have to be carried out manually.

Alternatively, you could use the concept that is referred to in NSIS terminology as local IdP (Identity Provider) and/or local IdM light.

With NSIS local IdM light you can synchronise all your user identities against NemLog-in. This ensures the relevant users always have access to setting up a profile with NemLog-in and running logins to the public systems from there, and it also means that the users are then deleted when they leave you.

With NSIS local IdP you take on the responsibility yourselves of authenticating identities against the public systems. This provides the users with a number of advantages, such as single sign-on to the public systems based on your existing login solution (typically Microsoft AD or Microsoft Azure AD) for example.

However, establishing a local IdP solution increases your auditing burden significantly. In many cases, you will have to produce a yearly audit statement for the Danish Agency for Digitisation, documenting your compliance with the NSIS standard in your daily work.

In response to this, we have built into our NSIS solutions packages the option of various extra modules for our local IdP solution. These make it possible to digitise almost all the audit processes.

Our NSIS solutions: Local IdP, including additional elements

Globeteam offers a solution model that consists of a basic IdP solution and two expansion modules. All elements of the solution have been developed with the aim of achieving as much automation and digitisation of the NSIS requirements as possible, providing the greatest flexibility in meeting your needs whilst also ensuring a high level of user-friendliness for the end users.

We can deliver your solution with software that is installed locally at your premises. Or, alternatively, we offer a Managed Service where we maintain the operation of the solution and also take on the work (and expenses of) developing the required audit statement for the majority of the NSIS controls.

Basic solution: NSIS local IdP

The basic solution can authenticate MitID users for NemLog-in3 and other public digital infrastructure based on your own Active Directory (AD) or Azure AD.

It supports all requirements for an NSIS local IdP with adherence to “low” and “substantial” NSIS safety levels. This includes the multi-factor authentication (MFA) with Microsoft/Google Authenticator, Android and IoS phones, Windows Hello, OS2faktor and most other hardware tokens.

With this solution, you can offer users the advantage of only having one identity to administer, that provides them with a single sign-on for all of your systems as well as the public systems that are used. When users move from NSIS level “low” to a system that requires the “substantial” level, however, they will first be asked to perform an MFA-login.

The basic solution works with all operational models, whether you have an on-site or cloud-based infrastructure, and it can be integrated with your current AD FS, Azure AD, Safewhere Identify or any other common federation solution.

It is important to note that your IT infrastructure will not be connected to the IdP solution in any way, not in terms of security or operation. The solution integrates with your infrastructure via federation standards like WS-Federation, SAML 2.0, OpenID Connect or corresponding federations, and it does not require any exchange of passwords or other security information.

The solution also provides the following benefits:

  • You can control users and rights from just one place (same place as today)
  • You can use the same login methods for your own organisation as for externally-directed services. It is also possible to add many different login methods to the solution should you wish.
  • Option to use existing two-factor solutions
  • It is possible to support national eID solutions for employees from the entire EU
  • Option to adapt elements such as interfaces and logo to fit your needs
  • Option to upgrade to NSIS level “high”

Synchronisation module

This module automatically adds user creation to the basic solution, thereby removing all manual tasks connected with creating NSIS users within NemLog-in.

User creation takes place via automatic synchronisation from your Active Directory, Azure AD or Safewhere Identify to NemLog-in.

The module can also be used as an independent solution, if you do not want a local NSIS IdP, and so only need to automate onboarding and offboarding of your users with NemLog-in.

This means that the functionality corresponds to what is referred to in NSIS terminology as a local IdM light.

 
 
 
 
 
 
 

Process module

The complete solution digitises and improves the processes that are required by NSIS during the onboarding of employees and issuance of electronic means of identification.

Users with NemID/MitID can themselves carry out automatic onboarding and administer their own MFA-login in the solution, so that you completely avoid manual work tasks related to this.

With manual onboarding of users without a NemID/MitID, where the showing of a passport/driver’s license or a witness is required at onboarding, the majority of the processing is also automated in the solution.

At the same time, the process module automatically generates a complete compliance and document trail that you can use for your auditing process.

There are also many options for adaptations and expansions, including covering automatic onboarding of employees from other EU countries.

NSIS guidance and revision

Globeteam offers guidance on the organisational implementation of the NSIS processes, and design and implementation of IdP or other NSIS solutions.

In order to make sure that you fully comply with the legal and technical audit requirements, we also work with a professional IT auditing firm that can carry out the audit at your end for an excellent price.

Why choose Globeteam as your NSIS supplier?

You should choose us because there’s no other company in Denmark with more extensive experience delivering solutions within this specialised field, usually referred to as ”federation solutions”.

Globeteam has been delivering large and small federation solutions within various industries since 2006.

Many of our simple solutions were based on Microsoft’s federation server AD FS (Active Directory Federation Services), for which we have also developed extra modules over time.

We have also delivered some very large and complex solutions based on the Safewhere*Identify product, which excels by being the only federation server that contains full support of the Danish standards OIO IDWS, OIOSAML and OIOSAML Local IdP Profile as well as all the common international federation standards.

This is why Safewhere*Identify, among others, handles the many million annual logins that take place at the Danish Agency for Modernisation of Public Administration, KOMBIT (support systems access management for systems and users) and the Danish Environment Portal.

This is why we are the obvious choice of partner when the Danish public sector completely switches to federation for the implementation of eIDAS via the new NemLog-in and MitID in 2021.


Kontakt Peter Langvad, hvis du vil høre mere om vores NSIS-løsninger

For more information, contact:

NSIS analysis

NSIS analysis for municipalities

Take the right approach to the NSIS task, with a collective plan setting out estimates of resources and costs.

In collaboration with Vangsaa Consult, Globeteam can offer a thorough NSIS analysis of the municipality, covering the overall scope of tasks regarding NSIS, NemLog-in3 and MitID.

For further information click here

Optimize your business and your IT-investments

Are you interested in knowing more about the services of Globeteam, and how we can help exactly your company?