Yes, in addition to the production environment BankID offers Sandbox for testing and a first experience with the solution.
To access the Sandbox, you only need to register and create an application.
Currently, Sandbox offers the ability to verify the authentication flow by obtaining the user's requested information, document signing and ability to receive notification of changes in user's data.
Yes, application management allows you to invite multiple colleagues to work with one application.
As a service provider, access is possible even without certificates (except for TLS). It is up to the application developer what level of security to use. We recommend that you read our safety recommendations.
Yes, BankID provides a unique user identifier. This identifier does not change for the application over time (unless the application requires it).
Suppose the Service Provider does not specify the required bank id when invoking authentication. In that case, the user is redirected to the so-called bank selector to select "his bank for authentication".
BankID supports different levels of authentication. Each Service Provider can select the required levels and request it by acr parameter in the individual authentication request. The recommended values are loa2, which corresponds to a single-factor login, and loa3, which corresponds to two-factor authentication.