Login.gov

Login.gov is the U.S. federal government's secure single sign-on and identity verification service for the public, operated by the General Services Administration's Technology Transformation Services (GSA TTS). Relying parties — federal, and in some cases state and local — federate user authentication to Login.gov via OpenID Connect (iGov profile) or SAML 2.0, with support for IAL1 (auth-only) and IAL2 (identity-verified) assurance and AAL2 multi-factor authentication including phishing-resistant and PIV/CAC authenticators.

2 APIs · 2 Capabilities · 14 Features
Government, Federal, GSA, Identity, Authentication, SSO, OIDC, SAML, IAL2, AAL2

Login.gov publishes 2 APIs on the APIs.io network: OpenID Connect API and SAML 2.0 API. Tagged areas include Government, Federal, GSA, Identity, and Authentication.

The Login.gov catalog on APIs.io includes 2 machine-runnable capabilities, 1 JSON-LD context, and 1 Spectral governance ruleset.

Login.gov’s developer surface includes a developer portal, documentation, a signup flow, a getting-started guide, a sandbox, an engineering blog, a privacy policy, and 12 more developer resources.

APIs

Login.gov OpenID Connect API

The Login.gov OIDC integration surface used by relying parties. Conforms to the iGov OpenID Connect Profile. Supports authorization code flow with private_key_jwt (web apps) or ...

Login.gov SAML 2.0 API

SAML 2.0 federation surface for relying parties that prefer SAML over OIDC. Uses HTTP-Redirect SSO and HTTP-POST SLO with the persistent NameID format (UUID v4). Endpoints are y...

Capabilities

Login.gov OIDC — Authentication

Login.gov OpenID Connect authentication capability. Covers discovery, authorization, token exchange, userinfo, and RP-initiated logout against the federal SSO IdP.

Login.gov SAML — Authentication

Login.gov SAML 2.0 capability for relying parties that federate via SAML rather than OIDC. Exposes metadata, SSO, and SLO endpoints.

Features

Single account for the public to access participating federal services
OpenID Connect (iGov profile) and SAML 2.0 federation
Authorization code flow with private_key_jwt or PKCE; implicit flow not supported
IAL1 (authentication only) and IAL2 (identity-verified) assurance levels
AAL2 with TOTP, SMS/voice, push, security keys, PIV/CAC, and platform passkeys
Phishing-resistant AAL2 variant and HSPD-12 (PIV/CAC) AAL2 variant
Identity proofing with optional facial-match step
Self-service Partner Portal (sandbox and production) for client registration and scope/cert management
JWKS endpoint with at-least-annual key rotation; SAML certs rotated yearly with year-versioned endpoints
User attributes scoped per OIDC scope/SAML attribute: email, all_emails, name, address, birthdate, phone, SSN, verified_at, locale, x509 subject/issuer/presented
Built and operated in the open: identity-idp (Ruby on Rails) and sample SP apps published under github.com/18F
English, Spanish, and French locales
Section 508 accessibility commitment; published privacy policy and PIA
Cost-recoverable funding model via Interagency Agreement (IAA); no public rate card

Semantic Vocabularies

Login Gov Context

29 classes · 4 properties

JSON-LD

API Governance Rules

Login.gov API Rules

7 rules · 5 errors · 2 warnings

SPECTRAL

Resources

Website
Portal
Documentation
SignUp
GettingStarted
Sandbox
GitHubOrganization
GitHubRepository
GitHubRepository
GitHubRepository
StatusPage
Blog
Contact
BusinessInquiries
Privacy
Accessibility
Plans
RateLimits
Vocabulary

Sources

aid: login-gov
name: Login.gov
description: Login.gov is the U.S. federal government's secure single sign-on and identity verification service for the public, operated by the General Services Administration's Technology Transformation Services (GSA TTS). Relying parties — federal, and in some cases state and local — federate user authentication to Login.gov via OpenID Connect (iGov profile) or SAML 2.0, with support for IAL1 (auth-only) and IAL2 (identity-verified) assurance and AAL2 multi-factor authentication including phishing-resistant and PIV/CAC authenticators.
type: Index
position: Consumer
access: 3rd-Party
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- Government
- Federal
- GSA
- Identity
- Authentication
- SSO
- OIDC
- SAML
- IAL2
- AAL2
created: '2026-05-25'
modified: '2026-05-25'
url: https://raw.githubusercontent.com/api-evangelist/login-gov/refs/heads/main/apis.yml
specificationVersion: '0.19'
apis:
- aid: login-gov:login-gov-oidc-api
  name: Login.gov OpenID Connect API
  description: |
    The Login.gov OIDC integration surface used by relying parties. Conforms to the
    iGov OpenID Connect Profile. Supports authorization code flow with
    private_key_jwt (web apps) or PKCE (native apps); implicit flow is not supported.
    Exposes discovery, JWKS, authorize, token, userinfo, and RP-initiated logout
    endpoints in both sandbox (idp.int.identitysandbox.gov) and production
    (secure.login.gov).
  humanURL: https://developers.login.gov/oidc/
  baseURL: https://secure.login.gov
  tags:
  - OIDC
  - OpenID Connect
  - Authentication
  - SSO
  - Federal
  properties:
  - type: Documentation
    url: https://developers.login.gov/oidc/
  - type: Documentation
    url: https://developers.login.gov/oidc/getting-started/
  - type: Documentation
    url: https://developers.login.gov/oidc/authorization/
  - type: Documentation
    url: https://developers.login.gov/oidc/token/
  - type: Documentation
    url: https://developers.login.gov/oidc/user-info/
  - type: Documentation
    url: https://developers.login.gov/oidc/logout/
  - type: Documentation
    url: https://developers.login.gov/oidc/certificates/
  - type: SignUp
    url: https://portal.int.identitysandbox.gov
  - type: OpenAPI
    url: openapi/login-gov-oidc-openapi.yml
  - type: JSONSchema
    url: json-schema/login-gov-userinfo-schema.json
  - type: JSONSchema
    url: json-schema/login-gov-id-token-schema.json
  - type: JSONLD
    url: json-ld/login-gov-context.jsonld
  - type: NaftikoCapability
    url: capabilities/oidc-authentication.yaml
  - type: SpectralRuleset
    url: rules/login-gov-rules.yml

- aid: login-gov:login-gov-saml-api
  name: Login.gov SAML 2.0 API
  description: |
    SAML 2.0 federation surface for relying parties that prefer SAML over OIDC. Uses
    HTTP-Redirect SSO and HTTP-POST SLO with the persistent NameID format (UUID v4).
    Endpoints are year-versioned (2026 = certificates valid through April 1, 2027).
    Metadata is published; clients should consume it dynamically to handle annual
    certificate rotations.
  humanURL: https://developers.login.gov/saml/
  baseURL: https://secure.login.gov
  tags:
  - SAML
  - Authentication
  - SSO
  - Federal
  properties:
  - type: Documentation
    url: https://developers.login.gov/saml/
  - type: Documentation
    url: https://developers.login.gov/saml/getting-started/
  - type: OpenAPI
    url: openapi/login-gov-saml-openapi.yml
  - type: NaftikoCapability
    url: capabilities/saml-authentication.yaml

common:
- type: Website
  url: https://www.login.gov
- type: Portal
  url: https://www.login.gov/partners
- type: Documentation
  url: https://developers.login.gov
- type: SignUp
  url: https://www.login.gov/partners/get-started/
- type: GettingStarted
  url: https://developers.login.gov/oidc/getting-started/
- type: Sandbox
  url: https://portal.int.identitysandbox.gov
- type: GitHubOrganization
  url: https://github.com/18F
- type: GitHubRepository
  name: identity-idp
  url: https://github.com/18F/identity-idp
- type: GitHubRepository
  name: identity-oidc-sinatra (sample relying party)
  url: https://github.com/18F/identity-oidc-sinatra
- type: GitHubRepository
  name: identity-saml-sinatra (sample relying party)
  url: https://github.com/18F/identity-saml-sinatra
- type: StatusPage
  url: https://status.login.gov
- type: Blog
  url: https://www.login.gov/about/news/
- type: Contact
  url: https://www.login.gov/contact/
- type: BusinessInquiries
  url: https://www.login.gov/partners/business-inquiries/
- type: Privacy
  url: https://www.login.gov/policy/
- type: Accessibility
  url: https://www.login.gov/accessibility/
- type: Plans
  url: plans/login-gov-plans-pricing.yml
- type: RateLimits
  url: rate-limits/login-gov-rate-limits.yml
- type: Vocabulary
  url: vocabulary/login-gov-vocabulary.yml
- type: Features
  data:
  - Single account for the public to access participating federal services
  - OpenID Connect (iGov profile) and SAML 2.0 federation
  - Authorization code flow with private_key_jwt or PKCE; implicit flow not supported
  - IAL1 (authentication only) and IAL2 (identity-verified) assurance levels
  - AAL2 with TOTP, SMS/voice, push, security keys, PIV/CAC, and platform passkeys
  - Phishing-resistant AAL2 variant and HSPD-12 (PIV/CAC) AAL2 variant
  - Identity proofing with optional facial-match step
  - Self-service Partner Portal (sandbox and production) for client registration and scope/cert management
  - JWKS endpoint with at-least-annual key rotation; SAML certs rotated yearly with year-versioned endpoints
  - 'User attributes scoped per OIDC scope/SAML attribute: email, all_emails, name, address, birthdate, phone, SSN, verified_at, locale, x509 subject/issuer/presented'
  - 'Built and operated in the open: identity-idp (Ruby on Rails) and sample SP apps published under github.com/18F'
  - English, Spanish, and French locales
  - Section 508 accessibility commitment; published privacy policy and PIA
  - Cost-recoverable funding model via Interagency Agreement (IAA); no public rate card

position: Consuming

maintainers:
- FN: Kin Lane
  email: [email protected]
  X: apievangelist
  url: https://apievangelist.com