Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( Https ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Integration overview

Login.gov is an identity provider that integrates with your application using industry protocols.

Login.gov is a FedRAMP moderate approved multifactor authentication and identity proofing platform that makes online interactions with the U.S. government simple, efficient and intuitive.

Integration flow

  • Once a service provider configuration is provided in one of Login.gov’s environments, users start at your application and are redirected back to Login.gov via OIDC or SAML protocols.
  • Your application request will determine if the request will be processed as just an authentication request at NIST Identity Assurance Level 1 (IAL1) or as an identity proofed event at NIST Identity Assurance Level 2 (IAL2).
  • New users will either create an account corresponding to the identity assurance level requested (IAL1/IAL2) and returning users will present their existing Login.gov credentials to reauthenticate into Login.gov. If a user is new to your application they will consent to their information being shared with your application.
A diagram flow of IAL1 walkthrough experience
Fig. 1: IAL1 flow
A diagram flow of IAL2 walkthrough experience
Fig. 2: IAL2 flow
  • Upon successful completion of the account creation or authentication, users will be redirected back to your application with the user attributes that correspond to their user level.
  • With the attributes provided by Login.gov, your application will handle authorization of the user and assign roles and permissions.

Service provider configuration

This is the configuration for your application within Login.gov’s identity provider (main application). For the sandbox environment you will be able to configure this yourself. In our production environment, we will manage this configuration.