IAS Onboarding Questionnaires
When institutions request a new client/scope in IAS they are provided with a document to fill out, which is then used to configure the client/scope to best suit the institutions needs. Below are more detailed explanations of the questions asked in the document to assist institutions in filling out the document as accurately as possible.
If these explanations do not suffice, please contact a member of the IAS onboarding team for further assistance. Note that these questions are intended for web clients (for user authentication), if you require a machine client (for machine to machine communication) please contact a member of the IAS onboarding team.
About the Institution
If the institution in question is not already using any IAS services some general information about the institution are needed. Those are:
Display Name of the institution in Icelandic
Display Name of the institution in English
Kennitala (social security number) of the institution
Institution domain
Usually the institution's website, e.g. island.is or myorg.is
Client
An application making protected resource requests on behalf of a resource owner (such as a user). The clients represent applications that can request tokens from the IAS.
Client/application information
To create a client we need the following information:
An example of how to use scopes can be found here.
Display name of the system in Icelandic
Will be visible to users during login
Display name of the system in English
Will be visible to users during login
Suggestion for client ID
Client ID is used to identify the client during login requests.
usually follows the format
@{domain}/{subdomain?}/{app}
, e.g.@island.is/web
,@myorg.is/minarsidur
May be changed by IAS onboarding team to fit naming conventions and avoid clashes with existing client IDs
Callback urls/Redirect urls
A list of urls to which the user can be redirected after authentication is completed.
The value passed to the IAS in the
redirect_uri
parameter must perfectly match an entry in this list, so care for trailing"/" or https vs httpTwo separate lists for staging (development) and production
The parameter in Oauth is defined as
redirect_uri
, but the terms redirect url and callback url often used in documentation/online guidesOften not fully defined when filling out the questionnaire, leaving this half complete or blank is fine in that case.
Post Logout Redirect Urls
For user redirection after logout
Same concept as for callback/redirect urls
Tech stack of your application
Whether the authentication is done client or server-side
Application user information
Which group of users is the login client intended for? IAS supports logins for various groups of users. This set of questions is primarily intended to make the implementing institution aware of the options. In most cases institution choose to start off with a simple set of user groups and expand later on. For further informations and advice contact the IAS onboarding team.
Individuals
Legal guardians on behalf of their wards
Procuring Holders on behalf of their companies
Employees/contractors on behalf of companies who have been granted rights by the procuring holder
Individuals on behalf of other individuals who have granted them rights
Delegations (umboð)
IAS allows institutions to define delegations (umboð) which a user (delegator/umboðsveitandi) can then grant to other individuals (delegatee/umboðshafi) to allow the delegatee to access information and act on behalf of the delegator. It is also possible to define delegations that can be granted on behalf of other users/entities, a common example of this is when a company's procuring holder designates an "access controller" within the company who can then grant other employees/contractors delegations as needed.
Delegation Information
It is important to note that both the Display name and description must give the user a clear idea of which rights will be granted by the delegation and that those rights do not change over time. Do not hesitate to contact the IAS onboarding team for advice on wording and structuring of delegations.
Display name of delegation in Icelandic
Display name of delegation in English
Description of delegation in Icelandic
Description of delegation in English
Short summary of what rights the delegation will give the user and how it will be used
This is primarily to give the IAS onboarding team an idea of your use case and help them advice on potential changes.
Delegation user groups
In order to create the delegation we need to know which groups of users should be able to grant the delegation. We also ask for a short user story for each group of users, this is in order to help the IAS onboarding team give you the best advice on how to achieve your user stories.
Should this delegation be granted to individuals in their own name?
In most cases the answer to this question is yes, however in some cases the delegation is only relevant for representatives of companies/legal entities. In that case please answer "No" to this question
Should this delegation be granted to legal guardians on behalf of their wards?
Should this delegation be granted to procuring holders on behalf of their companies
Should the representative of a company be able to grant this delegation to other individuals on behalf of the company?
Should an individiual be able to grant this delegation to other individuals?
Are there any other use cases not covered by the previous answers in this category?
Last updated