Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( Https ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Integration overview and user flow

Login.gov is a FedRAMP moderate approved multifactor authentication and identity proofing platform that makes online interactions with the U.S. government simple, efficient and intuitive.

User flow

A diagram flow of IAL1 walkthrough experience
Fig. 1: IAL1 flow
  • Once you have successfully integrated your application with the Login.gov environment, users start at your application and are redirected back to Login.gov via OpenID Connect (OIDC) or SAML protocols.
  • The attributes you pass into your application request will determine if the request will be processed at Identity Assurance Level 1 (IAL1) or as an identity proofed account. Identity proofed accounts require the user to complete additional steps to verify their identity in addition to the Multifactor Authentication (MFA). Login.gov continues to work toward achieving certification of compliance with NIST’s IAL2 standard from a third-party assessment organization.
  • New users will create an account corresponding to the identity assurance level requested. Returning users will present their existing Login.gov credentials to authenticate with Login.gov. A new user to your application will consent to their information being shared with your application upon creating an account.
  • Upon successful completion of the account creation and authentication, users will be redirected back to your application with the user attributes that correspond to their user level.
  • With the attributes provided by Login.gov, your application will handle authorization of the user and assign roles and permissions.

Service provider configuration

This is the configuration for your application within Login.gov’s identity provider. In the sandbox environment, you will be able to determine the configuration yourself and decide what is the best fit for your needs. In the Login.gov production environment, we will manage the final configuration.
To configure a test application in the sandbox environment:

  • Create an account in the Login.gov dashboard. From here you will be able to test various configurations and determine what is right for your agency.
  • Select between OIDC or SAML protocol implementation protocols and understand which user attributes are required.
  • If you have questions when testing your app, read through our FAQs or submit a ticket to our technical support help desk.
  • Before submitting a request to move your app to production, review the User experience page and the Production page. Additional requirements, like a signed Interagency agreement (IAA) and agency logo, are described in these pages.
Edit this page
Return to top