Now in public beta

DigiD-Compatible Identity. EU-Hosted. Open Source.

ClickID is a SAML 2.0 identity provider that replaces DigiD for private-sector services. Pseudonymous identifiers, EU data residency, and full auditability.

Start Free Sandbox Book a Demo

EUPL-1.2 Licensed

WCAG 2.1 Accessible

Self-Hostable

SAML Authentication Flow

User authenticates

Email + Password + TOTP

Sector-ID computed

HMAC-SHA256 pseudonym

SAML Response sent

User logged in to SP

Hosted

SAML

2.0 Ready

GDPR

Compliant

100%

Open Source

Why Organizations Look Beyond DigiD

DigiD works well for government services. But for private-sector organizations, it introduces constraints that don\'t align with modern data sovereignty requirements.

Data Sovereignty Concerns

DigiD routes authentication through Dutch government infrastructure. For organizations with strict data residency requirements, this creates compliance challenges.

Vendor Lock-In

DigiD uses proprietary BSN-derived identifiers with no open standard. Switching away requires significant engineering effort and user migration.

No Auditability

DigiD is closed-source. Organizations cannot inspect, verify, or customize the code handling their users' most sensitive identity operations.

Single-Nation Dependency

Routing all identity operations through one national government creates geopolitical risk for organizations operating across EU member states.

Important Note

ClickID is designed for private-sector services using DigiD by convention, not legal mandate. Government services and healthcare providers with specific regulatory requirements should continue using official DigiD. Always consult your legal team.

Features

Everything You Need for Production Identity

Built for organizations that need DigiD-compatible authentication without the government dependency.

Drop-in DigiD Replacement

SAML 2.0 IdP with identical bindings and NameID formats. No code changes needed—just point your SP at ClickID.

Pseudonymous Sector-IDs

HMAC-SHA256 generated identifiers that are unique per user/SP pair. Zero cross-service correlation possible.

EU Data Residency

All authentication data stays within EU jurisdiction. GDPR-compliant by design with no data exfiltration.

Fully Open Source

EUPL-1.2 licensed. Audit every line of code, fork for customization, or self-host without vendor lock-in.

Substantial Assurance

Password + TOTP or passkey authentication matching DigiD Midden level. MFA required in production.

Sandbox Environment

Full test realm with demo users and relaxed policies. Validate your integration before going live.

Self-Service SP Portal

Developers register and manage their own SPs. No ticket queues or manual onboarding required.

Keycloak Compatible

Built on battle-tested Keycloak 24. Standard SAML clients, familiar admin patterns, extensive docs.

Built with proven technologies

Keycloak 24 IdP Core

SAML 2.0 Protocol

PostgreSQL Database

Kubernetes Deployment

Helm Packaging

Nuxt 3 SP Portal

How It Works

From Zero to Production in Minutes

No lengthy procurement or complex setup. Get started with a sandbox account and go live when you're ready.

Register Your Service

Sign up for a free sandbox account at portal.clickid.eu. Register your Service Provider by uploading your SAML metadata or providing a metadata URL.

No approval required
Instant sandbox access
Self-service setup

Integrate & Test

Configure your SP to use the ClickID IdP endpoints. Test the authentication flow with demo users in the sandbox environment.

SAML 2.0 endpoints
Test user accounts
Relaxed auth policies

Go Live

When ready, promote your SP to the live realm. Your users can now authenticate with real credentials and MFA.

One-click promotion
Live realm activated
Production-ready

Standard SAML 2.0 Endpoints

ClickID implements standard SAML 2.0 protocols. If your SP supports SAML, it supports ClickID. No custom integration work required.

Single Sign-On

/protocol/saml

Metadata

/protocol/saml/descriptor

SLO

/protocol/saml/logout

SAML Response Example XML

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                Destination="https://sp.example.com/acs"
                ID="_response-id"
                InResponseTo="_request-id"
                IssueInstant="2024-01-15T10:30:00Z"
                Version="2.0">
  <saml:Issuer>https://auth.clickid.eu/realms/clickid</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_assertion-id"
                   IssueInstant="2024-01-15T10:30:00Z"
                   Version="2.0">
    <saml:Issuer>https://auth.clickid.eu/realms/clickid</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
        a1b2c3d4e5f6g7h8i9j0k1l2
      </saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData
          InResponseTo="_request-id"
          NotOnOrAfter="2024-01-15T10:35:00Z"
          Recipient="https://sp.example.com/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>

Pricing

Simple, Transparent Pricing

Start free with unlimited sandbox access. Upgrade when you're ready for production.

Sandbox

Perfect for development and testing

Free

Unlimited sandbox SPs
Test user accounts
Relaxed authentication
No email verification
Community support
No SLA

Start Free

Cloud

Managed ClickID for production

€99 /month

1 live SP included
10,000 authentications/month
Email support
99.9% uptime SLA
EU data residency
Custom domain

Start Free Trial

Scale

For growing organizations

€499 /month

5 live SPs included
100,000 authentications/month
Priority support
99.95% uptime SLA
Advanced analytics
Custom branding

Contact Sales

Enterprise

Self-hosted with support

Custom

Unlimited SPs
Unlimited authentications
24/7 dedicated support
99.99% uptime SLA
Custom development
On-premise deployment

Contact Sales

Frequently Asked Questions

Can I self-host ClickID?

Yes! ClickID is fully open source under EUPL-1.2. You can self-host for free using our Helm charts and Docker images. Enterprise support contracts are available for organizations that need SLA-backed assistance.

What happens if I exceed my authentication limit?

We never block authentication. Additional authentications are billed at €0.005 per auth (Cloud) or €0.003 per auth (Scale). We'll notify you when you approach your limit.

Is ClickID legally equivalent to DigiD?

No. ClickID is a technical replacement, not a legal one. Services legally required to use DigiD (government, certain healthcare) cannot use ClickID. It's designed for private-sector services using DigiD by convention.

View all FAQs →

Need a custom solution? Contact our sales team for volume pricing and custom deployments.

Security First

Enterprise-Grade Security

Built with security as the primary concern. Auditable, transparent, and compliant with EU data protection regulations.

End-to-End Encryption

All SAML assertions are digitally signed with RSA-SHA256. TLS 1.3 for all connections.

Pseudonymous Identifiers

HMAC-SHA256 sector-IDs prevent cross-service tracking. No BSN or email exposed to SPs.

MFA Required

TOTP or WebAuthn passkeys required for production access. Password-only authentication blocked.

EU Data Residency

All data stored in EU datacenters. No data transfer outside EU jurisdiction.

Audit Logging

Comprehensive authentication logs with tamper-proof signatures. Export to your SIEM.

Open Source

Full source code available for security audit. No black-box authentication logic.

Compliance & Certifications

Working towards industry-standard security certifications

GDPR

Compliant

eIDAS

Compatible

ISO 27001

In Progress

SOC 2

In Progress

View Security Documentation

Ready to replace DigiD?

Start with a free sandbox account today. No credit card required. Upgrade to production when you're ready.

Start Free Sandbox Talk to Sales

Questions? Email us at hello@clickid.eu