Initial steps

Before connecting to the Connectis Identity Broker (CIB), please complete the initial steps described on this page. Skipping these steps may lead to delays, technical difficulties and even unnecessary expenses.

To set up your CIB environment, Connectis requires a subdomain reserved through DNS for use by the Connectis Identity Broker. This will enable you to make use of the different Identity Providers (IdPs).

Step 1: Setting up a domain name

By default, the Connectis Identity Broker is hosted on a domain name in the following format:

your-organisation-name.cib.connectis.com

If required, you can migrate this environment to another domain name. DigiD, for instance, requires that the Connectis Identity Broker runs on a domain name that is managed by your organisation, instead of by Connectis. Please follow these steps to alter your domain name:

1. Choose a new domain name for your instance of the Connectis Identity Broker and send an email to technicalsupport@connectis.com with the new domain name and the subdomains you’ll be making available for use with the CIB. Ensure that these subdomains do not exist yet and are not in use for a production website. Preferably, provide us with a subdomain for both your pre-production and production environments. For example:

Pre-production - https://pre-login.yourwebsite.com

Production - https://login.yourwebsite.com

2. We also require the Organisation Identification Number (OIN) corresponding to the Service Provider. This will be needed by the Connectis Technical Support department for the next step.

Note: Connectis uses several techniques to secure the login flow, one of which is HTTP Strict Transport Security (HSTS). All traffic to and from the domain and all of its subdomains will be forced to use a secure (HTTPS) connection. Keep this in mind when deciding on a domain name, because other traffic to that same domain will also be forced to be secure.
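
The effect of such an HSTS policy on a candidate domain name can be checked against your own host inventory before you commit to a name. The following Python is an added example, not Connectis code; the header value and the inventory are constructed sample data, and the exact header Connectis sends is an assumption based on the note above.

```python
# Added example: which existing hosts fall under an HSTS policy set on a
# candidate CIB hostname? Header value and inventory are constructed.

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = value.strip().strip('"')
    if not seen.get("max-age", "").isdecimal():   # max-age is required
        return None
    return int(seen["max-age"]), "includesubdomains" in seen


def in_hsts_scope(host, policy_host, include_subdomains):
    """True if host is the policy host, or a subdomain of it when included."""
    host, policy_host = host.lower().rstrip("."), policy_host.lower().rstrip(".")
    if host == policy_host:
        return True
    return include_subdomains and host.endswith("." + policy_host)


def hosts_at_risk(policy_host, header, inventory):
    """Hosts that browsers would force to HTTPS but that do not serve it yet."""
    policy = parse_hsts(header)
    if policy is None or policy[0] == 0:     # invalid, or max-age=0 clears the policy
        return []
    return sorted(h for h, https_ok in inventory.items()
                  if in_hsts_scope(h, policy_host, policy[1]) and not https_ok)


SAMPLE_HEADER = "max-age=31536000; includeSubDomains"    # constructed (assumed value)
SAMPLE_INVENTORY = {                                      # constructed: host -> serves HTTPS?
    "login.yourwebsite.com": True,
    "legacy.login.yourwebsite.com": False,
    "www.yourwebsite.com": False,
    "intranet.yourwebsite.com": False,
}

if __name__ == "__main__":
    for candidate in ("login.yourwebsite.com", "yourwebsite.com"):
        print(candidate, "->", hosts_at_risk(candidate, SAMPLE_HEADER, SAMPLE_INVENTORY))
```

With the sample data, a dedicated subdomain such as login.yourwebsite.com only affects hosts beneath it, while handing over the organisation's main domain would put every HTTP-only host under it in scope.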

Step 2: Purchase PKIo certificates using Certificate Signing Requests (CSRs)

The Connectis Technical Support department will generate Certificate Signing Requests (CSRs) based on the subdomain URLs and OIN you have provided. With these CSRs you’ll be able to purchase PKI Overheid G3 certificates, which are mandatory for DigiD and eRecognition.

Please ensure that:

  1. You make use of the CSRs provided by Connectis and do not independently purchase the certificates.

  2. You do not purchase any other kind of certificate than PKI Overheid G3.

Once you have received the certificates, send the public part of the certificates (which will have the .pem or .cert file extension) to the Connectis Technical Support department (technicalsupport@connectis.com).

Step 3: DNS changes

With the certificates, the Connectis Technical Support department will start setting up your CIB environment. They will also notify you of the required DNS changes, so that your subdomains (mentioned in step 1) point to the Connectis servers. You will receive a DNS entry containing a CNAME. Configure this entry in your DNS server.

Step 4: Invitation to set up your MyConnectis account

Once your CIB environment has been set up, you’ll receive a notification from the Connectis Technical Support department and an invitation to start configuring your MyConnectis account.

If any of the steps mentioned above are unclear, please contact our Technical Support team.