Getting access to data through data source

Note

In order to connect your service to a data source (API), the service needs to be using OIDC for integrating with Feide.

With data sharing in Feide, services can easily get additional data that is not available in the user directories of the host organizations. It enables sharing data from a data source (API) with services in a secure manner, using the existing access control and authentication mechanisms in Feide for clients and end users.

Data owners such as host organizations, or data providers such as other service providers, can make their data available by creating data sources in Feide. Instead of users registering the same information in multiple services, exporting datasets, or setting up expensive integrations for every host organization that uses a service, the data can be shared through the data sharing functionality in Feide.

If your service needs additional data to implement some new functionality, you can get the information through a data source available in Feide. Lists of available data sources can be found in the Customer Portal. Read more about existing data sources.

Requesting access to data source

Note

You can only request access to data sources that are registered in the Feide Customer Portal.

Please contact us at kontakt@sikt.no if you need access to a legacy API gatekeeper.

Screenshot of Data sources tab with Connect to data source button

When editing your service, go to the Data source tab and click Connect to data source.

Here you will find a list of available data sources. Use the search field if the data source you are looking for is not visible.

Any data source marked as internal by the data provider will not be shown. It may be that the source is meant for use by the owning organization only, or it might not be ready for production use yet.

When you have found the data source you want to connect with, click on the name of the data source.

Screenshot of Display data source tab

Here you get more information about the data source, such as which organization provides it, a description, the various information available (under the Access level tab), and a link to the technical documentation. We recommend reading the technical documentation shown before requesting access to the data source.

To request access to the data source, click on Connect data source to service in the right corner of the data source.

Screenshot of Connect to data source form

In the drop-down menu, select the service you want to access the data source with. Only services integrated using the OIDC protocol are listed, since the SAML protocol doesn't support the use of Feide data sources.

Then select the access level with the information the service needs. Before selecting the access level, think about what information the service needs to know about the user and organization. Avoid requesting access to more information than the service needs. For example, some services only need to know that the user is a student, while others need to know the subjects and the grade of the students. If you find out later that the service needs more information, you can request additional access levels at that time.

When you have selected the access level, click on Connect to request connecting to the data source.

Getting access to a data source

The access is either granted instantly or upon request. This depends on which authorization mode has been set by the data owner.

The two different scenarios are illustrated below.

Screenshot of Access granted message

If you have requested an access level using the Free access mode, your service is granted access at once.

Screenshot of Access requested message

If you have requested an access level using approval mode, you need to wait for the data provider to approve the access for the service. It is up to the data owner, and not the data provider, whether or not they want to approve or deny some or all access levels that the service provider has requested. You will be notified by email when the request is granted or denied.

It may take some time for the data provider to handle the request if the data provider is not also the data owner. The data provider needs the permission of the data owner to grant services access to the data. For now, this needs to be handled outside the Customer Portal. The data owner may also have to conduct a new risk assessment of your service and update their Data Processing Agreement if the service gets additional information.

The data owner may contact you as a service provider if they are unsure about how the service will be using and storing the data before approving the access. This communication is done outside of the Customer Portal, for example through email.

Accessing data from a data source

When you have been granted access to the data source, the service needs to access the data. This is done by JWT-token exchange.