Register and manage your service
You get a unique client ID when you register your service. You’ll need this client ID to integrate each of your services with GOV.UK One Login.
You should configure multiple client IDs if you have multiple environments, for example staging, user acceptance testing, integration, production. There’s further guidance on creating a configuration for each service you’re integrating.
Registering should take 5 minutes to complete. To register your service to use GOV.UK One Login, you’ll need:
- a government email address
- a mobile phone
If you do not have a government email address or mobile phone, you should find a civil servant in your team who can register the service on your behalf.
Whoever registers the service will have the entry tied to their email address. It is currently not possible to reassign ownership if someone leaves or to add multiple email addresses to a particular client. If you need access after someone has left, you can create an additional client using a different email address and transfer the configuration settings to the new account.
- Go to the Get started with GOV.UK One Login page.
- Select Register your interest and follow the on-screen instructions – if a prompt appears, the username is
integration-userand the password iswinter2021. - Fill in the details using this table.
| Name | Description |
|---|---|
| Client ID | GOV.UK One Login will assign your service a unique Client ID which you must configure into your service. |
| Client name (Service name) | Choose the name of your service. This will be visible to your users in the sign in journey. Choose your client name. The client name will appear in the user interface when GOV.UK One Login redirects your user back to your service so choose something your users would recognise. There’s further guidance on naming your service. |
| Contacts | Enter the email addresses of your service’s technical contacts – this can be a group email or multiple separate email addresses, or a combination of both. |
| Redirect URLs | The URL we will return your user to after they complete their GOV.UK One Login journey. You can enter more than one URL. |
| Post Logout URLs | If you want to redirect your users after they log out, input one or more URLs. These will be where you redirect your users to after you have logged them out. There’s further guidance on logging your user out of GOV.UK One Login. |
| Back channel logout URI | If you want to receive logout notifications from GOV.UK One Login, specify the URI of the endpoint you want GOV.UK One Login to call. There’s further guidance on requesting logout notifications from GOV.UK One Login. |
| Landing Page URL | It’s not possible to configure this yet. Send an email to govuk-one-login@digital.cabinet-office.gov.uk if you need to configure this. |
| Sector identifier URI | Specify your service’s sector identifier. You must not change the sector identifier once your service has started to sign up or migrate users. Doing this will change the subject identifiers GOV.UK One Login creates for each individual user. There’s further guidance on choosing your sector identifier. If your service has more than one redirect_uri, you must set the sector identifier in line with the OpenID Connect Core 1.0 specification. |
| Scopes | Enter the scopes your service requires. You must include the openid scope.You may choose one or more of the following: emailphoneThere’s further guidance on choosing which user attributes your service can request. |
| Claims | If you’re doing identity verification, you need to specify which claims your service requires. You may choose one or more of the following: https://vocab.account.gov.uk/v1/passporthttps://vocab.account.gov.uk/v1/drivingPermithttps://vocab.account.gov.uk/v1/coreIdentityJWThttps://vocab.account.gov.uk/v1/addresshttps://vocab.account.gov.uk/v1/returnCodeThere’s further guidance on choosing which claims your service can request. |
| Token Authentication method | Specify the token authentication method your service is using. This will be private_key_jwt or client_secret_post.There’s further guidance on using the correct token authentication method for your service. |
| Public Key | Only required if you’re doing identity verification and using the private_key_jwt token authentication method.Enter the contents of your public key Privacy Enhanced Mail (PEM) file (or whichever file was created when you created your key pair). There’s further guidance on generating a key pair. |
| ID token signing algorithm | Choose either RS256 or ES256.There’s further guidance on choosing an ID token signing algorithm. By default, GOV.UK One Login will sign the id_token JSON Web Token (JWT) using the ES256 algorithm but some third party tooling does not support ES256. |
Request signing with the RS256 algorithm
By default, GOV.UK One Login will sign the id_token JSON Web Token (JWT) using the ES256 algorithm but some third party tooling does not support ES256. If your service needs an alternative algorithm, we can sign your id_token JWT using the RS256 algorithm. Let us know if you need this when you register your service.
Update your service’s details with GOV.UK One Login
You can update your service’s details to amend things like scopes you’re requesting.