SPID and CIE: differences and integration with Keycloak

SPID and CIE compared: how Digital Identities work
Both SPID (Public Digital Identity System) and CIE (Electronic Identity Card) are digital identity tools that allow access to services provided by the Public Administration and affiliated private entities. The main difference between the two lies in their form and the issuing authority. The CIE is a physical card issued by the Ministry of the Interior through the local municipality, equipped with a microchip, and is designed to replace traditional paper identity cards.
SPID, on the other hand, consists of a set of credentials (username and password) provided by various Identity Providers (IdPs), public or private, accredited by AgID. It is therefore a fully online digital access system, without any physical component. While SPID is generally quicker and easier to use, the CIE provides a higher level of security.
SPID and CIE Security Levels
Each digital identity, such as SPID and CIE, is associated with different security levels, also recognized at the European level as Levels of Assurance. These levels indicate the strength of the authentication process.
- Level 1 requires only a username and password.
- Level 2 adds an extra verification step, such as an OTP code sent via SMS or generated by an app.
- Level 3 for SPID involves more advanced security methods or the use of physical devices, such as smart cards, although not all SPID providers support them.
Although intrinsically considered more secure, CIE also follows three authentication levels: Level 1 (low), Level 2 (significant), which requires two-factor authentication, and Level 3 (high), based on the physical use of the card along with an additional authentication factor.
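The levels above only protect a service if the relying party checks which level was actually reached at login. The following is an added example, not code from Yookey or Keycloak: a fail-closed check of the assurance level carried in an already signature-verified token. It assumes the level arrives in the `acr` claim as the SPID class URIs `https://www.spid.gov.it/SpidL1` to `SpidL3`; the resource names, policy and sample claims are constructed for illustration.

```python
# Added example: enforce a minimum SPID/CIE assurance level per resource.
# Assumption: the IdP (or a broker such as Keycloak) reports the level in the
# "acr" claim with the URIs below, and the token signature, issuer and
# audience were already verified before these functions are called.
SPID_ACR_LEVELS = {
    "https://www.spid.gov.it/SpidL1": 1,  # username and password
    "https://www.spid.gov.it/SpidL2": 2,  # adds a second factor (e.g. OTP)
    "https://www.spid.gov.it/SpidL3": 3,  # physical device or card
}

# Hypothetical policy: minimum level each resource requires.
RESOURCE_POLICY = {"view_notices": 1, "tax_records": 2, "sign_document": 3}


class AssuranceError(Exception):
    """Raised when the login does not meet the required level."""


def achieved_level(claims):
    """Map the acr claim to a numeric level; unknown or missing fails closed."""
    acr = claims.get("acr")
    # Exact string match only: no prefix or case-insensitive comparison,
    # so a look-alike value cannot be accepted as a higher level.
    if not isinstance(acr, str) or acr not in SPID_ACR_LEVELS:
        raise AssuranceError(f"unrecognised acr value: {acr!r}")
    return SPID_ACR_LEVELS[acr]


def authorize(claims, resource, policy=RESOURCE_POLICY):
    """Return the achieved level, or raise if it is below the policy."""
    if resource not in policy:
        # A resource without a policy entry is denied, not defaulted to L1.
        raise AssuranceError(f"no assurance policy for {resource!r}")
    level = achieved_level(claims)
    if level < policy[resource]:
        raise AssuranceError(
            f"{resource!r} needs level {policy[resource]}, login reached {level}"
        )
    return level


if __name__ == "__main__":
    # Constructed sample claims, not taken from a real IdP response.
    l2_login = {"sub": "user-1", "acr": "https://www.spid.gov.it/SpidL2"}
    print(authorize(l2_login, "tax_records"))      # allowed at level 2
    try:
        authorize(l2_login, "sign_document")       # needs level 3
    except AssuranceError as exc:
        print("denied:", exc)
```

A denial caused by an insufficient level is the point at which an application would send the user back for a step-up login at the higher level.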

Enabling SPID and CIE authentication through Keycloak
Keycloak is an Identity and Access Management (IAM) platform that can be configured to support authentication via SPID and CIE, integrating these systems into applications and websites.
Using Keycloak simplifies the implementation of Single Sign-On (SSO), a feature highly requested by both the Public Administration and private companies, allowing users to access multiple online services with a single authentication. Adopting Keycloak also means relying on a solution that automatically manages infrastructure and updates, reducing the technical burden for service providers.
From a technical perspective, SPID and CIE differ in their OpenID Connect profiles, particularly in the management of metadata, authorization endpoints and refresh tokens. An IAM system like Keycloak must be configured to handle these differences correctly, ensuring proper interpretation and management of user attributes.
Yookey ID: SPID and CIE Gateway
Yookey ID is a Keycloak-based SaaS (Software as a Service) solution offered in the cloud and accredited by ACN, serving as a SPID and CIE gateway for the Public Administration and private companies. The platform is specifically designed to handle authentication via SPID and the Electronic Identity Card, providing a ready-to-use solution for integrating these systems into applications and websites.
With Yookey ID, it is easy to implement Single Sign-On (SSO) for access to online services, simplifying the user experience. The service is fully managed, including infrastructure maintenance and continuous platform updates, ensuring simple and secure management of digital authentication.
Speak directly with our team for more information.


