Onboarding and account provisioning
iGrant.io provides a self onboarding capability once the admin user is configured on the system. The admin user is able to define the following account provisioning feartures:
- Logo and cover images
- Organisation description
- Billing and invoicing info
Data model management
iGrant.io maintains an indexed metadata registry with a publish–subscribe service. It supports all CRUD (create, read, update, and delete) services for managing the metadata of the data models for any organisation. These services are used for transparency, compliance, facilitating agreement handling between ecosystem players and exercising personal data rights in a standardised manner.
Using this service, an organisation admin (or any user with similar previledges) is able to define data agreements as a data model and manage it accordingly. This can be done by integrating with the platform's APIs directly or via the forms provided in the Enterprise dashboard.
The various steps involved in defining a data agreement is as given:
- Usage purpose (s)
- Description of the usage purpose in the agreement
- Data agreement type (e.g. data exchange or non-data exchange type)
- Legal basis of the agreement aligned to data regulations (E.g. Consents, Performance of a Contract, Legitimate Interest, Vital Interest, Legal Requirement and Public Interest)
- Data policy configurations, e.g. data retention period
- Data attribute (s) used for the given usage purpose
Organisation admins are also able to generate a QR code for data exchange or for obtaining consents from individuals within this feature.
A key function to enable any kind of data exchange involves deployment of an agent that implements the data exchange protocols. iGrant.io implements and Self-Sovereign Identity based organisation and user agents as per implementing various Aries Interop Profile protocols. The agents are automatically deployed via the dashboard (and mobile agent SDKs).
The enterprise dashboard also provides playground to test the deployed agent to create connections, issue credentials and perform verifications.
End user management
This is a service management function for an organisation's end user. The sub-chapters below describes the key features enabled as part of end-user management.
Here, an organistion is able to manage end-user services. The key functions are:
- Enable/Disable end user preference centers. E.g. during mainteance or during data model provisioning.
- View the current number of users using the service
- Define and configure the authentication system or identity management system for the organisation. The supported protocols are OpenID connect and SAML.
- For smaller organisations without an identity management system, they are able to provide keys towards their users to enter iGrant.io user preference centers
One fundamental value of iGrant.io for businesses is to fetch data about users who have consented to the use of certain data for certain purposes. This feature provides a basic end consumer/user query functions to the organisation admin, or DPO to view and question user consents. The different functions include:
- Query users who have consented to a particular purpose
- Query users who have consented to an attribute in a particular purpose
- View all users provisioned in the system
- Download the query response in csv format
The individual APIs supports the following functions:
- View all usage purpose
- View a usage purpose with the personal data attributes used for that usage purpose
- Opt-in/Opt-out at the purpose level as well as at the personal data attribute level
- View the data agreement policy, e.g. the data retentention period
- Automated notification and disabling of consents when the retention period expires
The iGrant.io platform allows organisations to send event notifications for various purposes. This feature is used by the organisation to issue notifications towards the user in scenarios outlined below:
- Updates to EULA or other user agreements
- Breach notifications as per Art. 33 of GDPR (Notification of a personal data breach to the supervisory authority)
- Updates to the organisation’s data model, consent purposes etc.
An organisation can deploy and maintain a privacy dashboard for their users using this feature. An admin user is able to perform the following key features:
Configure the deployment of the privacy dashboard via Manage End Users → Privacy Board. The params are:
- DNS name (igrant.io is default extension but this can be redirected to any)
- If Logo, is not already configured, default iGrant.io logo shall be used. Favicon is same as the logo
- Release number of the SW image for privacy dashboards
View the deployment info of the privacy dashboard: Deployment status (Can be NOT-CONFIGURED, REQUESTED and DEPLOYED) with the deployed version and DNS name
The key features here includes:
- Manage billing and invoicing
- View logs
- Manage organisational admin users roles: Owner, Admin, Developer and DPO
All organisation level log are as per the following categories:
- Security (Login/Logout)
- API Calls
- Organisation Users (Owner/Admin/… in the future DPO, etc)
- End User
In this section, an organisation admin (Role: Developer) is able to get the API keys and tokens to be used when calling iGrant.io APIs.
iGrant.io outlines the handling of system events feature between organisations and their end users. This enables an organisation users to make specific personal data requests towards organisations and providing a mechanism for follow ups, for example based on GDPR Data Subject Requests as per GDPR Chaper 3 Articles.
The specific web-based requests that needs workflow integrations are as given:
Webhooks allow the organisation to build or set up integrations to their existing IT workflows. It allows external services to be notified when certain events happen. When the specified events happen, iGrant.io will send a POST request to each of the URLs an organisation admin provides. Gennerally, the event is triggered by the user and will contain the details of any subscribed events. The admin user will be able to specify which data format one would like to receive, the default being JSON.
The key features supported are:
- Configure what events they are interested in among a predefined list of events towards their end-users
- Configure webhook URLs similar to GitHub. The parameters needed are: The payload URL, the data format (application/JSON as default) and the event subscription required
- View the status of the delivered webhooks. It shall also be available as an under logs as well