Quick Start

CIBA Onboarding Guide

Overview

CIBA (Client-Initiated Backchannel Authentication) onboarding is currently available only to Government agencies and is assessed on a case-by-case basis.

Typical CIBA Flow

For a call-centre use case:

1. A call-centre agent verifies the caller’s identity

2. The agent initiates a CIBA request via Singpass

3. A push notification is sent to the user’s Singpass app

4. The user reviews and approves the request

5. The transaction proceeds upon successful authentication

Onboarding Steps

1. Create a Staging App

Create a staging app via the Singpass Developer Portal (SDP): https://docs.developer.singpass.gov.sg/docs/singpass-developer-portal-sdp/user-guide/create-staging-app

Configuration:

• Select openid as the only scope

• Use dummy values for fields not applicable (e.g. Site URL, Redirect URL)

• Configure your JWKS endpoint

2. Submit Use Case for Assessment

Share the following details via Partner Support:

• Description of your CIBA use case

  • When is CIBA triggered?

  • Why is CIBA required?

• Expected monthly transaction volume

• Systems that will integrate with Singpass

3. Evaluation by Singpass

The Singpass Product and Security teams will assess:

• Alignment with CIBA policy

• Authentication assurance requirements

• User journey and risk controls

• Availability of fallback flows

We may follow up with clarifications during this stage.

4. Whitelisting & Testing

If the use case is approved:

• Your use case will be whitelisted

• Your team can proceed with testing in staging

5. Production Setup

Once testing is complete:

1. Submit a Production App Request via SDP

2. Indicate that the app is for CIBA

3. Include your User Journey (UJ)

4. Singpass will whitelist your client ID for CIBA usage