HelseID
Client configuration: Single-tenant vs. multi-tenant
As a rule of thumb:
- Multi-tenancy is recommended for cloud-based services (SaaS).
- Single-tenancy is recommended for locally installed applications.
Note
What is a multi-tenant client? A multi-tenant client can represent multiple main entities in HelseID.
Why use multi-tenancy?
- Maintainability: No need to manage a unique client ID for every customer.
- Scalability: New customers can be onboarded without significant infrastructure changes.
Resources
In Production, a main entity typically delegates access to a vendor through Altinn. This delegation allows the vendor to acquire HelseID access tokens on behalf of the main entity.
Note
Delegating access through Altinn is not supported in HelseID's Test environment. In Test, a vendor must delegate access for itself on behalf of a synthetic entity.
Use one of the following methods to gain access to a synthetic entity:
- Create a single-tenant client configuration and specify the organization number.
- Create a multi-tenant client configuration and add a delegation for the organization number.
Creating client configurations
Use HelseID Self-service Test to create new client configurations.
To access the PIT API, specify the API nhn:pit and the relevant scope(s):
nhn:pit/api.read— required for read access.nhn:pit/api.write— required for write access.
Note
The Test environment only accepts synthetic entities. Do not use real-world organization numbers in Test.