Last modified: Jul 16, 2026

Choose the right integration method

How to choose authentication, representation and authorisation for your service or system.

Start by deciding who will act, which party the action concerns and whether a person is present. The choice determines which tokens, authorisations and APIs you need.

Choose by situation

SituationStart withWhat the choice provides
A person uses your system and can sign inID-portenConfirms the person’s identity
A system calls an API as its own organisationMaskinportenConfirms the organisation or client calling the API
A system acts with access approved by an organisationSystem userConnects the system to approved access
A system works for customers or clientsSystem user for clientsConnects the system to client relationships and access packages
A data consumer needs permission to retrieve specific dataConsentRecords what the person or organisation has consented to
A service decides whether an identity may perform an actionPDP access controlChecks identity, resource, action and affected party

You may need several choices together. A system user, for example, uses Maskinporten for authentication whilst the service owner uses Altinn Authorization to check access.

Separate authentication from authorisation

Authentication confirms the identity of a person or system. ID-porten and Maskinporten issue tokens that the service can verify.

Representation describes the party on whose behalf the identity acts. This may be the person, their own organisation or a client.

Authorisation decides whether the identity may perform a particular action on a resource for the affected party. A valid token alone does not grant access.

Consent permits a data consumer to retrieve or use specific data. Consent does not replace authentication or access control.

Continue with your role