Enter your search
Logotipo Gobierno de España · cl@ve · Identidad Electrónica para las Administraciones
Logotipo Gobierno de España · cl@ve · Identidad Electrónica para las Administraciones
Search
Enter your search
accesskey_mod_conten
Bar separates header body

Deployment in production of the new IDP Clave Móvil

As of approximately July 4, a new IDP will be put into operation, called Cl@ve Móvil, within the options available on the Clave gateway. Said IDP makes it possible to simplify electronic access to public services, combining pre-existing PIN code and permanent code IDPs in a unified and simplified user experience. This unification process will be carried out progressively as the use of the new IDP Cl@ve Móvil is implemented. At the moment, the three IDPs (Cl@ve PIN, Cl@ve Permanente and the new IDP Cl@ve Móvil) will coexist to facilitate the change.

In this context, citizens will not have to make any new registration in the cl@ve services, they will simply be able to authenticate themselves by confirming the authentication requests they will receive through the Cl@ve mobile application, which citizens will perceive as a new version of the hitherto available PIN key app.

You can see an example of interaction with the new system through this short Cl@ve Móvil - YouTube presentation video that we ask you to only use for information purposes in your internal areas.

This new IDP Clave Mobile is already active in the test environment (SE) of the SGAD for all organizations that already had the IDP Clave PIN enabled. It will be possible to test the complete authentication cycle with Cl@ve Móvil from its start-up, which will offer a simple mechanism to carry out tests in the test environment.

Integration with the new IDP

As for existing integrations that are done directly through the Clave gateway and do not restrict any authentication request to a specific IDP, the integration will be transparent and, in principle, no further action will be required.

It is important to take into account that, although it is not the recommended option, we are aware that there are integrations with the Clave gateway in which the organization has independently developed the connection with each of the IDPs, and for this it restricts the IDPs that are displayed on ID requests. For this type of integration, if you do not want the Clave Mobile to appear next to the pin code IDP, it will be necessary to restrict the new Clave Mobile IDP, in addition to the IDPs that were already restricted. To achieve this, the following parameter must be added to the SAML:

<eidas:RequestedAttribute FriendlyName="CLVMOVILIdP"
Name="http://es.minhafp.clave/CLVMOVILIdP"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
isRequired="false"/>

This way, only the IDPs that were previously displayed will remain visible.