OS2faktor: Security and user management

A Danish story about user management across all organisations

Published on: 08/12/2020
Last update: 08/05/2021

Digital identity and right management are the foundation for the security component OS2faktor. The aim is to make it possible to use for instance a municipality login for a regional login page. Striving towards this are two IT-solutions from same root.


The Danish 2-factor authentication solution OS2faktor was developed in 2019. The development happend in a collaboration between the software house Digital Identity and a number of municipalities. At first the solution was intended to be a security component for several systems. The fast development of OS2faktor was motivated by the national implementation a communication platform for employees, parents and students in primary schools and daycares; a software system called Aula.


Developments in OS2faktor

OS2faktor Login grew out of the product formerly known as OS2faktor. To cover two needs OS2faktor has developed into OS2faktor MFA (the original solution) and OS2faktor Login during 2020. OS2faktor Login is a combination of the security component OS2faktor and a Local Identity Provider.


User management, identity, and rights

The public sector in Denmark has during the past 12-13 years worked with a long-term goal. This is that identity and right management ought to be controlled by the organisation, which knows the relevant person in question – the person behind the identity.

Currently this task is divided to three: One solution on state level, one on regional level, and one on municipality level.


Exchange across organisations

Brian Graversen from Digital Identity says that there is a challenge in the current way of performing exchange across organisations. He explains that the issue is that an employee for a municipality for instance cannot login to the regional IT-systems or vice versa.

A part of the foundation of the exchange of identities across organisation is called NSIS (The national standard for identity security levels, red).

OS2faktor MFA (the original security solution) and OS2faktor Login (Local identity Provider and security component) are two components, which implement the NSIS rules and take the first step toward exchange of identities.


New ambitions for the exchange

OS2faktor Login must be kept NSIS-compliant un a running basis. With NSIS set in the municipalities, there will be free movement in the eco-system based on the rules of NSIS. It begins with opening the school system, the municipalities and the state level, however, the ambition of the steering committee of OS2faktor and the supplier is reach much broader.



Final take-aways

  • Practically, the exchange of identities aross organisations in Denmark is complicated. In theory, it just has to be NSIS-compliant.
  • Two component are being developed on in order to make it possible in practice too. These are the two versions of OS2faktor.