What is ClickID?
ClickID is an EU-hosted, open-source SAML 2.0 identity provider built as a drop-in replacement for DigiD — the Dutch national digital identity system — for private-sector services that use DigiD by convention rather than legal requirement.
Why ClickID exists
DigiD is a national government service operated by Logius. While many private-sector organisations in the Netherlands have integrated DigiD authentication into their services, not all of them are legally obligated to do so. Several concerns arise for these organisations:
- Data sovereignty: DigiD is a Dutch government-controlled infrastructure. User authentication data flows through government-operated systems.
- Vendor lock-in: There is no open standard for the DigiD-specific BSN-derived identifiers used across services.
- EU residency requirements: For organisations operating under stricter data residency rules, routing authentication through a single national government system can be problematic.
- Auditability: DigiD is closed-source. Organisations cannot inspect or verify the code that handles their users' identities.
ClickID addresses all of these concerns. It is fully open source (EUPL-1.2), EU-hosted, and built on widely-adopted open standards.
Who is ClickID for?
ClickID is designed for private-sector services that:
- Currently use DigiD purely by convention (not legal mandate)
- Want to retain a familiar login UX for Dutch residents
- Need EU data residency for identity operations
- Require an auditable, open-source IdP implementation
- Want to avoid dependency on Dutch national government infrastructure
ClickID is not a replacement for DigiD in contexts where DigiD is legally required (e.g. government services, healthcare services governed by specific regulation). Always consult your legal team.
What ClickID provides
| Capability | Detail |
|---|---|
| SAML 2.0 IdP | Drop-in replacement — same binding, same NameID format |
| Substantial assurance | Password + TOTP or passkey, matching DigiD Midden level |
| Pseudonymous identifiers | Stable sector-ID per user/SP pair — no cross-SP correlation |
| EU data residency | Infrastructure hosted in EU; no data leaves EU jurisdiction |
| Open source | EUPL-1.2 — fork, audit, self-host |
| Sandbox environment | Full test realm with demo users, no email verification |
| SP self-service | Developers register and manage their SPs via a web portal |
Key features
- Keycloak 24 at the core — battle-tested, widely deployed open-source IdP
- Custom Sector-ID Mapper SPI — pseudonymous per-SP identifiers using HMAC-SHA256
- WCAG 2.1 accessible EU theme — familiar blue (#003DA6) login UI
- Two realms:
clickid(live) andclickid-sandbox(testing) - Nuxt 3 SP Portal at portal.clickid.eu for self-service SP onboarding
- Helm chart for straightforward self-hosting on Kubernetes
Get started
If you are an SP developer looking to integrate:
- SP Integration Overview — what you need and the two-step process
- Register your SP — step-by-step portal walkthrough
If you want to run ClickID yourself:
- Local development setup — up and running in minutes with Docker Compose
- Production deployment with Helm — full Kubernetes deployment guide