Key Principles

Authentication and Authorisation

Use Corppass Login as an authentication and authorisation service

• Corppass Login should be used to verify both the identity of the user and their authorised role / permissions for the digital service.

User identification using UUID

• While Corppass provides both NRIC/FIN and UUID, digital services are recommended to use the Universally Unique Identifier (UUID) to identify users.

• UUID avoids handling sensitive NRIC/FIN information and provides a stable, privacy-friendly identifier for authentication and authorisation.

Alternative login options

• Where feasible, offer support for users who may require non-Corppass login options to access your service.

Data Use and Compliance

Comply with PDPA and applicable legislation

• Protect, retain and transfer any data retrieved according to the Personal Data Protection Act (PDPA), relevant industry regulations and applicable legislation.

• For collection of National Identification Numbers, refer to the advisory guidelines from PDPC here.

Use data and credentials for lawful purposes

• Ensure that any access or usage of Corppass credentials and retrieved data is strictly for authorised and lawful purposes.