Reference implementation
To demonstrate what vendor-controlled creation can look like, we have developed the demo client Smartcloud
Reference implementation and setup
A reference implementation has been developed to demonstrate the use of system user. It is developed in C# and can be run as a console application. It does the following:
- Creates a token based on configured JSON Web Key, client ID, scope, and organization number of the system user creator.
- Based on the token received, it makes calls to reference APIs that require system user.
See code with documentation here.
Setting up reference implementation with own configuration
The repository contains the necessary test certificate to run the application. The following must be done to set up your own integration as a system provider:
Log in to onboarding Maskinporten. Here you can use a test ID that is the CEO of a test entity.
Simplified onboarding 
Select entity 
Overview of integrations in Maskinporten. Here you can add new ones 
Create integration, search for required scope 
Add any additional scope and describe the integration 
Download generated keys 
Integration created Get the system registered in the System Register with the correct client ID and linkage to necessary resources/access packages.
Log in with a test user at tt02.altinn.no. The user must have the access management role in Altinn for a test organization and go to the page https://authn.ui.tt02.altinn.no/authfront/ui/auth/creation.
10. Select system 
11. Accept creation of system user with rights to it 
12. Overview of system users for test organization Configure key, certificate, client ID, and scope in the test application.
string clientID = "7ee41fce-9f6e-4c32-8195-0fe2c1517f43"; string scope = "altinn:systembruker.demo"; string systemUserOrg = "210493352"; string pemCertificatePath = @".\mp-key.pem";