Register and manage your service
You get a unique client ID when you register your service. You’ll need this client ID to integrate each of your services with GOV.UK One Login.
You should configure a client ID for each environment you have. For example, if you have staging, user acceptance testing, integration and production you should configure 4 client IDs. There’s further guidance on creating a configuration for each service you’re integrating.
Registering should take 5 minutes to complete. To register your service to use GOV.UK One Login, you’ll need:
- a government email address
- a mobile phone
If you do not have a government email address or mobile phone, you should find a civil servant in your team who can register the service on your behalf.
Whoever registers the service will have the entry tied to their email address. It is currently not possible to reassign ownership if someone leaves or to add multiple email addresses to a particular client. If you need access after someone has left, you can create an additional client using a different email address and transfer the configuration settings to the new account.
- Go to the Get started with GOV.UK One Login page and select Create admin tool account.
- Then, follow the on-screen instructions to enter your email address and confirm your email security code.
- Enter your mobile number and confirm your mobile security code.
- Fill in your client configuration details using this table.
Name | Description |
---|---|
Client ID | GOV.UK One Login will assign your service a unique Client ID which you must configure into your service. |
Client name (Service name) | Choose the name of your service. This will be visible to your users in the sign in journey. The client name will appear in the user interface when GOV.UK One Login redirects your user back to your service, so choose something your users would recognise. There’s further guidance on naming your service. |
Contacts | Enter the email addresses of your service’s technical contacts – this can be a group email or multiple separate email addresses, or a combination of both. |
Redirect URLs | The URL we will return your user to after they complete their GOV.UK One Login journey. You can enter more than one URL. |
Post-logout URLs | If you want to redirect your users after they log out, input one or more URLs. These will be where you redirect your users to after you have logged them out. There’s further guidance on logging your user out of GOV.UK One Login. |
Back channel logout URI | If you want to receive logout notifications from GOV.UK One Login, specify the URI of the endpoint you want GOV.UK One Login to call. There’s further guidance on requesting logout notifications from GOV.UK One Login. |
Landing Page URL | It’s not possible to configure this yet. Send an email to govuk-one-login@digital.cabinet-office.gov.uk if you need to configure this. |
Sector identifier URI | Specify your service’s sector identifier. You must not change the sector identifier once your service has started to sign up or migrate users. Doing this will change the subject identifiers GOV.UK One Login creates for each individual user. There’s further guidance on choosing your sector identifier. If your service has more than one redirect_uri, you must set the sector identifier in line with the OpenID Connect Core 1.0 specification. |
Scopes | Enter the scopes your service requires. You must include the openid scope. You may choose one or more of the following: email, phone. There’s further guidance on choosing which user attributes your service can request. |
Claims | If you’re requesting identity verification, you must include https://vocab.account.gov.uk/v1/coreIdentityJWT. We recommend also including https://vocab.account.gov.uk/v1/returnCode to make your error handling more clear. There’s further guidance on return codes. In addition, you can choose one or more of the following: https://vocab.account.gov.uk/v1/passport, https://vocab.account.gov.uk/v1/drivingPermit, https://vocab.account.gov.uk/v1/address. There’s further guidance on choosing which claims your service can request. |
Token Authentication method | Specify the token authentication method your service is using. This will be private_key_jwt or client_secret_post. There’s further guidance on using the correct token authentication method for your service. |
Public key | Only include this if your service is using the private_key_jwt token authentication method. Enter the contents of your public key Privacy Enhanced Mail (PEM) file (or whichever file was created when you created your key pair). There’s further guidance on generating a key pair. |
ID token signing algorithm | Choose either RS256 or ES256. By default, GOV.UK One Login will sign the id_token JSON Web Token (JWT) using the ES256 algorithm but some third party tooling does not support ES256. If your service needs an alternative algorithm, we can sign your id_token JWT using the RS256 algorithm. |
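
The rules in the table above can be checked on a draft configuration before you fill in the form. This is an added example, not GOV.UK One Login code: the dictionary keys and function name are hypothetical, the sample values are constructed, and treating any requested claim as identity verification is an assumption.

```python
from urllib.parse import urlsplit

VOCAB = "https://vocab.account.gov.uk/v1/"
CORE, RETURN_CODE = VOCAB + "coreIdentityJWT", VOCAB + "returnCode"
ALLOWED_CLAIMS = {CORE, RETURN_CODE} | {VOCAB + c for c in ("passport", "drivingPermit", "address")}
ALLOWED_SCOPES = {"openid", "email", "phone"}

def check_client_config(cfg):
    """Return (errors, warnings) for a draft config; the dict keys are hypothetical names."""
    errors, warnings = [], []
    scopes, claims = set(cfg.get("scopes", [])), set(cfg.get("claims", []))
    if "openid" not in scopes:
        errors.append("scopes must include openid")
    if scopes - ALLOWED_SCOPES:
        errors.append(f"unknown scopes: {sorted(scopes - ALLOWED_SCOPES)}")
    if claims - ALLOWED_CLAIMS:
        errors.append(f"unknown claims: {sorted(claims - ALLOWED_CLAIMS)}")
    # Assumption: requesting any claim means the service wants identity verification.
    if claims and CORE not in claims:
        errors.append("identity claims requested without coreIdentityJWT")
    if claims and RETURN_CODE not in claims:
        warnings.append("returnCode claim recommended for error handling")
    method, key = cfg.get("token_auth_method"), cfg.get("public_key", "")
    if method not in ("private_key_jwt", "client_secret_post"):
        errors.append("token_auth_method must be private_key_jwt or client_secret_post")
    elif method == "private_key_jwt" and "PRIVATE KEY" in key:
        errors.append("public_key field contains private key material")
    elif method == "private_key_jwt" and "PUBLIC KEY-----" not in key:
        errors.append("private_key_jwt needs a PEM public key")
    elif method == "client_secret_post" and key:
        errors.append("public_key only applies to private_key_jwt")
    if cfg.get("id_token_signing_alg", "ES256") not in ("RS256", "ES256"):
        errors.append("id_token_signing_alg must be RS256 or ES256")
    # OpenID Connect Core 1.0, section 8.1: redirect URIs on several hosts need a sector identifier URI.
    hosts = {urlsplit(u).hostname for u in cfg.get("redirect_urls", [])}
    if len(hosts) > 1 and not cfg.get("sector_identifier_uri"):
        errors.append("redirect URLs span several hosts: set sector_identifier_uri")
    return errors, warnings

# Constructed sample config (not a real service); it contains three deliberate mistakes.
SAMPLE = {
    "redirect_urls": ["https://app.example.gov.uk/callback", "https://beta.example.gov.uk/callback"],
    "scopes": ["openid", "email"],
    "claims": [VOCAB + "address"],
    "token_auth_method": "private_key_jwt",
    "public_key": "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----",
    "id_token_signing_alg": "ES256",
}
```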