8.6. Appendix 7 – Correct Implementation Procedure

When implementing the MojeID service, follow these best practices:

  1. Logging into the MojeID service should be initiated only by a “Login with MojeID” button, as described in the implem-oid-zadost-prihlaseni section.

     [Image: mojeid_tlacitko_Prihlasit.png]

  2. There should be text links “Why MojeID” and “Create MojeID account” next to or under the “Login with MojeID” button.

    1. Direct the “Why MojeID” link to a local page explaining the benefits of using MojeID on your page (local benefits) or the information page.

    2. The “Create MojeID account” text link can be replaced by a “Create MojeID account” button as per the example.

      [Image: mojeid_tlacitko_Zalozit.png]

      Direct the button to a local MojeID registration page or to a universal MojeID registration form.

      [Image: mojeid_novy_ucet.png]

    3. If it is not possible to add links to the button as per the previous points 2.1 and 2.2, we recommend adding them to the administration page of the user’s local account.

  3. If possible, place a “Powered by MojeID” logo on your main page with a link to the place in your system where MojeID is used, or to the local page in your system that contains information on the MojeID service.

     [Image: mojeid_tlacitko_Podporuje.png]

  4. The data that are required to be handed over have to be in line with your system:

    1. Only the items that are required for the registration process in your system can be marked as required.

    2. The other items have to be marked as optional.

    3. You must not require the disclosure of items that you do not use in your system.

  5. If you require the disclosure of the user’s personal data during login using MojeID, and this data differs from the data stored in the local account of your service, it is recommended to let the user decide whether to keep the existing data in the service’s local account or to update it with the data retrieved from MojeID.

  6. The implementation of the MojeID service needs to be designed in such a way that the MojeID user can choose from the following two options when they first access your service using MojeID:

    1. link MojeID with an existing local account, or

    2. create a new local account using data retrieved from MojeID and link this newly created local account with MojeID.

  7. In the user’s local account administration:

    1. We recommend displaying the user’s MojeID identifier once the local account is linked with the MojeID account.

    2. We recommend showing a “Create MojeID account” link or button as per point 2. If the user’s local account is not linked with MojeID, and the user therefore probably does not have a MojeID account, we recommend prefilling the MojeID registration form with the data from the user’s local account.

      [Image: mojeid_tlacitko_Zalozit.png]

    3. The user needs to have an option to link MojeID with an existing local account, if it is not already linked.

    4. The user needs to have an option to unlink the local account from MojeID.

  8. Changes to the appearance of buttons and other graphical elements are possible only with the explicit consent of the CZ.NIC Association.

  9. MojeID must be implemented using only the OpenID Connect or SAML protocols, as specified in the technical documentation.

Warning

The OpenID 2.0 protocol is no longer supported.
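
The rules above on required and optional items, and on letting the user decide when MojeID data differs from local data, as an added example (not code from the MojeID documentation). It goes slightly beyond the text by expressing them with the standard OpenID Connect `claims` request parameter; the endpoint, client ID, field table and function names are hypothetical, and whether the provider honours `claims` is an assumption to check against its technical documentation.

```python
import json
import secrets
from urllib.parse import urlencode

# Constructed sample: how a hypothetical service uses each standard OIDC claim.
LOCAL_FIELDS = {
    "email":        {"used": True,  "required_for_registration": True},
    "given_name":   {"used": True,  "required_for_registration": True},
    "phone_number": {"used": True,  "required_for_registration": False},
    "birthdate":    {"used": False, "required_for_registration": False},
}

def build_claims_request(fields):
    """Translate local field usage into an OIDC `claims` parameter value."""
    requested = {}
    for name, use in fields.items():
        if use["required_for_registration"] and not use["used"]:
            raise ValueError(f"{name}: marked required but not used by the system")
        if not use["used"]:
            continue  # never request items the system does not use
        # Essential only when registration needs it; None (JSON null) = optional.
        requested[name] = {"essential": True} if use["required_for_registration"] else None
    return {"userinfo": requested}

def build_authorization_url(endpoint, client_id, redirect_uri, fields):
    """Build an authorization-code request carrying the minimized claims set."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,   # bind the response to this browser session
        "nonce": nonce,   # bind the ID token to this request
        "claims": json.dumps(build_claims_request(fields), separators=(",", ":")),
    }
    return f"{endpoint}?{urlencode(params)}", state, nonce

def fields_needing_user_decision(local_account, received_claims):
    """Return {claim: (local_value, received_value)} for values that differ."""
    return {
        name: (local_account[name], value)
        for name, value in received_claims.items()
        if name in local_account and local_account[name] != value
    }
```

Nothing is overwritten automatically: the caller presents the returned differences to the user and applies only the values the user chooses.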