IAS Onboarding Questionnaires

When institutions request a new client/scope in IAS they are provided with a document to fill out, which is then used to configure the client/scope to best suit the institutions needs. Below are more detailed explanations of the questions asked in the document to assist institutions in filling out the document as accurately as possible.

If these explanations do not suffice, please contact a member of the IAS onboarding team for further assistance. Note that these questions are intended for web clients (for user authentication), if you require a machine client (for machine to machine communication) please contact a member of the IAS onboarding team.

About the Institution

If the institution in question is not already using any IAS services some general information about the institution are needed. Those are:

  1. Display Name of the institution in Icelandic

  2. Display Name of the institution in English

  3. Kennitala (social security number) of the institution

  4. Institution domain

    • Usually the institution's website, e.g. island.is or myorg.is

Client

An application making protected resource requests on behalf of a resource owner (such as a user). The clients represent applications that can request tokens from the IAS.

Client/application information

To create a client we need the following information:

An example of how to use scopes can be found here.

  1. Display name of the system in Icelandic

    • Will be visible to users during login

  2. Display name of the system in English

    • Will be visible to users during login

  3. Suggestion for client ID

    • Client ID is used to identify the client during login requests.

    • usually follows the format @{domain}/{subdomain?}/{app}, e.g. @island.is/web, @myorg.is/minarsidur

    • May be changed by IAS onboarding team to fit naming conventions and avoid clashes with existing client IDs

  4. Callback urls/Redirect urls

    • A list of urls to which the user can be redirected after authentication is completed.

    • The value passed to the IAS in the redirect_uri parameter must perfectly match an entry in this list, so care for trailing"/" or https vs http

    • Two separate lists for staging (development) and production

    • The parameter in Oauth is defined as redirect_uri, but the terms redirect url and callback url often used in documentation/online guides

    • Often not fully defined when filling out the questionnaire, leaving this half complete or blank is fine in that case.

  5. Post Logout Redirect Urls

    • For user redirection after logout

    • Same concept as for callback/redirect urls

  6. Tech stack of your application

  7. Whether the authentication is done client or server-side

Application user information

Which group of users is the login client intended for? IAS supports logins for various groups of users. This set of questions is primarily intended to make the implementing institution aware of the options. In most cases institution choose to start off with a simple set of user groups and expand later on. For further informations and advice contact the IAS onboarding team.

  1. Individuals

  2. Legal guardians on behalf of their wards

  3. Procuring Holders on behalf of their companies

  4. Employees/contractors on behalf of companies who have been granted rights by the procuring holder

  5. Individuals on behalf of other individuals who have granted them rights

Delegations (umboð)

IAS allows institutions to define delegations (umboð) which a user (delegator/umboðsveitandi) can then grant to other individuals (delegatee/umboðshafi) to allow the delegatee to access information and act on behalf of the delegator. It is also possible to define delegations that can be granted on behalf of other users/entities, a common example of this is when a company's procuring holder designates an "access controller" within the company who can then grant other employees/contractors delegations as needed.

Delegation Information

It is important to note that both the Display name and description must give the user a clear idea of which rights will be granted by the delegation and that those rights do not change over time. Do not hesitate to contact the IAS onboarding team for advice on wording and structuring of delegations.

  1. Display name of delegation in Icelandic

  2. Display name of delegation in English

  3. Description of delegation in Icelandic

  4. Description of delegation in English

  5. Short summary of what rights the delegation will give the user and how it will be used

    • This is primarily to give the IAS onboarding team an idea of your use case and help them advice on potential changes.

Delegation user groups

In order to create the delegation we need to know which groups of users should be able to grant the delegation. We also ask for a short user story for each group of users, this is in order to help the IAS onboarding team give you the best advice on how to achieve your user stories.

  1. Should this delegation be granted to individuals in their own name?

    • In most cases the answer to this question is yes, however in some cases the delegation is only relevant for representatives of companies/legal entities. In that case please answer "No" to this question

  2. Should this delegation be granted to legal guardians on behalf of their wards?

  3. Should this delegation be granted to procuring holders on behalf of their companies

  4. Should the representative of a company be able to grant this delegation to other individuals on behalf of the company?

  5. Should an individiual be able to grant this delegation to other individuals?

  6. Are there any other use cases not covered by the previous answers in this category?

PreviousTest IAS with PostmanNextNotifications / Hnipp

Last updated