Set up your service’s configuration with GOV.UK One Login

GOV.UK One Login is an OpenID Connect (OIDC) provider.

Before your service can interact with GOV.UK One Login, you must register it. You need to do this once for each of your services in the integration environment and the production environment.

Register your service to use GOV.UK One Login

To register your service to use GOV.UK One Login, you need to:

  1. Choose your authentication level.
  2. Choose the level of identity confidence for your service.
  3. Choose the scopes and claims your service needs.
  4. Choose your sector identifier.
  5. Generate a key pair.
  6. Contact the GOV.UK One Login team and we’ll register your service for you.

Contact the GOV.UK One Login team to register your service

You need to contact the GOV.UK One Login team to register your service.

Send an email to govuk-one-login@digital.cabinet-office.gov.uk including:

  • your service’s name
  • your service’s redirect URLs
  • your service’s contact email addresses - this can be a group email or multiple separate email addresses or a combination of both
  • the scopes you selected when you chose which user attributes your service can request
  • the claims you selected when you chose which user attributes your service can request
  • the public key you generated - only send the contents of the ‘public_key.pem’ file and do not include the RSA headers (the words in caps above and below the key)
  • the URL you’d like your users redirected to if they log out of your service - if you do not specify one, your users will be redirected to the default GOV.UK sign out page
  • your sector identifier

The GOV.UK One Login team will send you a confirmation email once they have registered your service.
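
As an added example (not part of the original GOV.UK guidance), these shell functions cover the "Generate a key pair" step and the public key item in the email: they create an RSA key pair with OpenSSL and print the public key without its BEGIN/END lines. The 2048-bit key size, the `private_key.pem` file name and the function names are assumptions; only `public_key.pem` comes from this page.

```shell
#!/bin/sh
# Added example. Assumptions: 2048-bit RSA, the name private_key.pem,
# and the function names. Only public_key.pem is named on the page.

# Generate an RSA private key readable only by its owner, then derive
# the matching public key into public_key.pem in the same directory.
generate_keypair() {
    dir="$1"
    (
        umask 077   # private key must not be group- or world-readable
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/private_key.pem"
    ) || return 1
    openssl pkey -in "$dir/private_key.pem" -pubout -out "$dir/public_key.pem"
}

# Print the base64 body of a PEM public key without the header and
# footer lines. Refuses any file that holds a private key or is not a
# PEM public key, so the private key is never pasted into the email.
pem_body() {
    file="$1"
    if grep -q 'PRIVATE KEY-----' "$file"; then
        echo "refusing: $file contains a private key" >&2
        return 1
    fi
    if ! grep -q '^-----BEGIN \(RSA \)\{0,1\}PUBLIC KEY-----' "$file"; then
        echo "refusing: $file is not a PEM public key" >&2
        return 1
    fi
    # Drop the BEGIN/END lines and any carriage returns.
    grep -v '^-----' "$file" | tr -d '\r'
}
```

Run `generate_keypair .` once, then `pem_body public_key.pem` and paste its output into the email. Keep `private_key.pem` on your own systems.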

Request signing with the RS256 algorithm

By default, GOV.UK One Login signs the id_token JSON Web Token (JWT) using the ES256 algorithm, but some third-party tooling does not support ES256. If your service needs an alternative algorithm, we can sign your id_token JWT using the RS256 algorithm. Let us know if you need this when you register your service.

Request logout notifications

You can also receive user logout notifications from GOV.UK One Login. To use this, send the GOV.UK One Login team a back_channel_logout_uri specifying the URL you want GOV.UK One Login to send notifications to when a user who was signed into your service using GOV.UK One Login has logged out. There’s further guidance on requesting logout notifications from GOV.UK One Login.

Update your service’s details with GOV.UK One Login

To update your service’s details with GOV.UK One Login, you need to send an email to govuk-one-login@digital.cabinet-office.gov.uk. We’ll get back to you with the next steps.

Progress your application to integrate with the integration environment

Once the GOV.UK One Login team has registered your service, you’ll receive a confirmation email.

The next step before you can use the integration environment is to integrate with GOV.UK One Login.

This page was last reviewed on 2 December 2022.