Enterprise dashboard

Onboarding and account provisioning

iGrant.io provides a self onboarding capability once the admin user is configured on the system. The admin user is able to define the following account provisioning feartures:

  • Logo and cover images
  • Organisation description
  • Billing and invoicing info

Data model management

iGrant.io maintains an indexed metadata registry with a publish–subscribe service. It supports all CRUD (create, read, update, and delete) services for managing the metadata of the data models for any organisation. These services are used for transparency, compliance, facilitating agreement handling between ecosystem players and exercising personal data rights in a standardised manner.

Using this service, an organisation admin (or any user with similar previledges) is able to define data agreements as a data model and manage it accordingly. This can be done by integrating with the platform's APIs directly or via the forms provided in the Enterprise dashboard.

The various steps involved in defining a data agreement is as given:

  • Usage purpose (s)
  • Description of the usage purpose in the agreement
  • Data agreement type (e.g. data exchange or non-data exchange type)
  • Legal basis of the agreement aligned to data regulations (E.g. Consents, Performance of a Contract, Legitimate Interest, Vital Interest, Legal Requirement and Public Interest)
  • Data policy configurations, e.g. data retention period
  • Data attribute (s) used for the given usage purpose

Organisation admins are also able to generate a QR code for data exchange or for obtaining consents from individuals within this feature.

Data Exchange

A key function to enable any kind of data exchange involves deployment of an agent that implements the data exchange protocols. iGrant.io implements and Self-Sovereign Identity based organisation and user agents as per implementing various Aries Interop Profile protocols. The agents are automatically deployed via the dashboard (and mobile agent SDKs).

The enterprise dashboard also provides playground to test the deployed agent to create connections, issue credentials and perform verifications.

End user management

This is a service management function for an organisation's end user. The sub-chapters below describes the key features enabled as part of end-user management.

Subscription

Here, an organistion is able to manage end-user services. The key functions are:

  • Enable/Disable end user preference centers. E.g. during mainteance or during data model provisioning.
  • View the current number of users using the service
  • Define and configure the authentication system or identity management system for the organisation. The supported protocols are OpenID connect and SAML.
  • For smaller organisations without an identity management system, they are able to provide keys towards their users to enter iGrant.io user preference centers

Consents

One fundamental value of iGrant.io for businesses is to fetch data about users who have consented to the use of certain data for certain purposes. This feature provides a basic end consumer/user query functions to the organisation admin, or DPO to view and question user consents. The different functions include:

  • Query users who have consented to a particular purpose
  • Query users who have consented to an attribute in a particular purpose
  • View all users provisioned in the system
  • Download the query response in csv format

The individual APIs supports the following functions:

  • View all usage purpose
  • View a usage purpose with the personal data attributes used for that usage purpose
  • Opt-in/Opt-out at the purpose level as well as at the personal data attribute level
  • View the data agreement policy, e.g. the data retentention period
  • Automated notification and disabling of consents when the retention period expires

Notifications

The iGrant.io platform allows organisations to send event notifications for various purposes. This feature is used by the organisation to issue notifications towards the user in scenarios outlined below:

Privacy board

An organisation can deploy and maintain a privacy dashboard for their users using this feature. An admin user is able to perform the following key features:

  • Configure the deployment of the privacy dashboard via Manage End Users → Privacy Board. The params are:

    • DNS name (igrant.io is default extension but this can be redirected to any)
    • If Logo, is not already configured, default iGrant.io logo shall be used. Favicon is same as the logo
    • Release number of the SW image for privacy dashboards
  • View the deployment info of the privacy dashboard: Deployment status (Can be NOT-CONFIGURED, REQUESTED and DEPLOYED) with the deployed version and DNS name

Account management

The key features here includes:

  • Manage billing and invoicing
  • View logs
  • Manage organisational admin users roles: Owner, Admin, Developer and DPO

Log handling

All organisation level log are as per the following categories:

  • Security (Login/Logout)
  • API Calls
  • Organisation Users (Owner/Admin/… in the future DPO, etc)
  • End User

Developer

In this section, an organisation admin (Role: Developer) is able to get the API keys and tokens to be used when calling iGrant.io APIs.

Support events

User requests

iGrant.io outlines the handling of system events feature between organisations and their end users. This enables an organisation users to make specific personal data requests towards organisations and providing a mechanism for follow ups, for example based on GDPR Data Subject Requests as per GDPR Chaper 3 Articles.

The specific web-based requests that needs workflow integrations are as given:

Webhooks

Webhooks allow the organisation to build or set up integrations to their existing IT workflows. It allows external services to be notified when certain events happen. When the specified events happen, iGrant.io will send a POST request to each of the URLs an organisation admin provides. Gennerally, the event is triggered by the user and will contain the details of any subscribed events. The admin user will be able to specify which data format one would like to receive, the default being JSON.

The key features supported are:

  • Configure what events they are interested in among a predefined list of events towards their end-users
  • Configure webhook URLs similar to GitHub. The parameters needed are: The payload URL, the data format (application/JSON as default) and the event subscription required
  • View the status of the delivered webhooks. It shall also be available as an under logs as well
Last updated on by Lal Chandran