Skip to content

Authentication and authorizationΒΆ

NAIS helps your applications log in users, validate inbound requests and make authenticated outbound requests using the following identity providers:

  • Entra ID (aka Azure AD)

    For employees and internal services.

  • ID-porten

    For Norwegian citizens.

  • TokenX

    For internal applications acting on-behalf-of ID-porten citizens.

  • Maskinporten

    For machine-to-machine communication between organizations or businesses.

Your application may have multiple use cases that can require a combination of services.

See the different scenarios below to identify which service(s) you need for your application, and follow the links to the respective service for more details.

Logging in usersΒΆ

Depending on who your users are, you can use the following services to log them in:

🧍 Log in employees Entra ID

🧍 Log in citizens ID-porten

Validating inbound requestsΒΆ

...from applications acting

graph TD
  B1[on-behalf-of]
  B2[as themselves]

  B1 --> |citizens| TokenX[<a href='tokenx'>TokenX</>]
  B1 --> |employees| AAD_machine[<a href='entra-id'>Entra ID</>]
    
  
  B2 --> |internally| AAD_machine[<a href='entra-id'>Entra ID</>]
  B2 --> |externally| Maskinporten[<a href='maskinporten'>Maskinporten</a>]

The graph above can also be described as:

🧍 Validate requests from internal application acting on behalf of employee Entra ID

🧍 Validate requests from internal application acting on behalf of citizen TokenX

Validate requests from internal application Entra ID

Validate requests from external application Maskinporten

Making outbound requestsΒΆ

graph TD
  B1[on-behalf-of]
  B2[as application]

  B1 --> |citizens| TokenX[<a href='tokenx'>TokenX</>]
  B1 --> |employees| AAD_machine[<a href='entra-id'>Entra ID</>]
  
  B2 --> |internally| AAD_machine[<a href='entra-id'>Entra ID</>]
  B2 --> |externally| Maskinporten[<a href='maskinporten'>Maskinporten</a>]

The graph above can also be described as:

🧍 Make requests to internal API on behalf of employee Entra ID

🧍 Make requests to internal API on behalf of citizen TokenX

Make requests to internal API Entra ID

Make requests to external API Maskinporten