Application Requirements

The following high-level requirements are provided for you to assess whether your application can integrate with NYC.ID. For further information about each requirement, refer to the individual integration pages.

 

Technical Requirements

• Authorize public users to access it

  NOTE: City employees are allowed access via the NYC Employees button.

• For Web integration:
1. Use SAML 2.0, acting as the Service Provider (SP) using the SP-initiated Web Browser SSO Profile
2. Trust the NYC.ID public user SAML 2.0 Identity Provider (IdP) (called a metadata exchange)
3. Implicitly trust all federated identity providers
4. Support SAML 2.0 Single Logout or, if not supported by your SP, invoke an IdP Logout
5. Must digitally sign SAML 2.0 transactions
6. Include an Application Header, which displays the NYC.gov logo, your application name, a link to the user's NYC.ID profile, plus a few other items
• For Web or native mobile application ("app") integration:
1. Invoke the NYC.ID Authorization Web Service
2. Securely store the OAuth 2.0 access token
3. Not store your NYC.ID Service Account on mobile devices

NOTE: Your application cannot include an Application Brand Banner.

• Confirm that the user has a validated email address

 

Procedural Requirements

• Your application must comply with Citywide Cybersecurity Requirements for Vendors & Contractors.
• Your application must comply with NYC.ID's Acceptable Use Policy when conducting performance and security testing.

 

Recommendations

• Verify that your application meets all technical requirements by performing Pre-Production Testing.

  NOTE: The NYC.ID Quality Assurance Team can assist with verification.

• Review NYC.ID best practices