Configure Datafordeler - CPR

As CPR contact data is imported from the Danish Central Office of Civil Registration (CPR) using Datafordeler, you must create and configure a Datafordeler service user correctly to subscribe to CPR-based events. You can create a new service user for WorkZone, and then configure the service user to subscribe to CPR-based events.

Prerequisite: You must have a Datafordeler account to create and configure a service user.

As CPR contact data is imported from the Danish Central Office of Civil Registration (CPR) using Datafordeler, you must create and configure a system to access this data.

Prerequisite:

  • A system must be created in Datafordeler.

  • If using a certificate, request an OCES3 certificate.

    • The PFX or P12 formats are in WorkZone.

    • The PEM format is use in Datafordeler.

  1. Log in to the administration portal using MitID Erhverv (Do not use Web Bruger).

  2. Create a system.

  3. Create either an OAuth Shared Secret or an OAuth Certificate. It is required to use a certificate in PEM format. In both cases, save the client secret as it is required when configuring authentication profiles in WorkZone Configurator.

  4. Set the expiration period for each authorization to maximum 730 days.

  5. Ensure that expiry notifications are enabled.

  6. Add the external IP address to the IP-adresser list using range /32.

  7. In Dataadgang, click Opret, and apply for access to CPR. Follow the linked guide for instructions on filling in the application form.

  8. Attach the required PDF to the application.

  9. In the Register menu, select CPR.

  10. In Vælg entiteter og tjenester, select CustomPublicSectorPerson (public authority) or CustomPrivateSectorPerson (private company). These options cannot be combined within the same system.

For more information, see Brugeradgang in the Datafordeler documentation (in Danish).

Note: Datafordeler is transitioning from REST to GraphQL, which means that REST support in Contact update and Contact lookup will be deprecated in a future WorkZone release (no earlier than early 2027).
  1. Log in to your Datafordeler account with your Datafordeler user name and password (you can reuse your organization’s Datafordeler account). If you do not have a Datafordeler account, you must create one.
  2. In Datafordeler, create a service user for WorkZone. The service user must use an OCES3 certificate as authentication and you must upload your OCES3 certificate when creating the service user.
    • If you request a new OCES3 certificate for CPR updates only, you must wait until you have received the certificate file, as the certificate file must be uploaded to Datafordeler.
    • If you use multiple OCES3 certificates, make sure to use the correct OCES3 certificate for the appropriate service user and to store the certificates in a safe location.
  3. Request access to the following services:
    • Public authorities: CprPersonFullComplete
    • Private companies: CprPrivatePNR
  1. Request whitelisting of the IP address of WorkZone.

    Please contact KMD Cloud Center of Excellence to get the IP address (public or EU cloud), or your Operations Manager if WorkZone is hosted in your organization's own data center or by a hosting partner (private cloud).

For more information about configuring Datafordeler, please refer to the following documentation (only in Danish):

  1. In WorkZone Configurator, go to Services > Contact synchronization > Auth profiles. See Authentication profiles.
  2. Edit the authentication profile that you want to upload the certificate to. See Upload a certificate.
  3. Optionally, you can specify whether to use public or private access to CPR data. Enable the Private company option on the CPR tab, if you require private company access to Datafordeler. This option is disabled by default.