This documentation is for WSO2 Identity Server 5.5.0. View documentation for the latest release.

Consent management with WSO2 Identity Server

WSO2 IS provides a comprehensive consent management solution that can be used to manage consents related to Identity and Access Management (IAM) and also to manage consents that belong to third-party applications. The WSO2 IS consent management module consists of the following key features.

Consent management use cases

The following consent management use cases are supported by WSO2 IS. 

Handling consent when creating a new user profile

According to most privacy standards, it is mandatory to inform individuals about the purpose of processing personal data and to state, in a clear and transparent manner at the time of data collection, what kind of data will be shared. Furthermore, processing organizations should get active consent from an individual for each of the data processing purposes before data collection takes place. The following points give a high-level description of how this use case is supported in WSO2 IS.

  • The identity administrator of an organization can define personal data processing purposes and a list of user attributes used for each of the processing purposes via Admin console or via the consent REST API.

  • During the self sign-up process, the data processing purposes (reason for collecting consent) along with the user attributes for each purpose will be shown to users as consents. The users can selectively opt-in/opt-out on each of the purposes.

  • Users can review or revoke existing consent by logging in to WSO2 IS end user dashboard (self-care portal).

  • Personal data processing applications can check for consent for each user through the consent REST API before carrying out any data processing activities.   

Tip

For more information and instructions for setting up this use case, see Consent Management for Self Sign Up.

Handling consent when sharing user attributes

According to privacy best practices and privacy standards, sharing user attributes with external parties should be based on clear and active consent (unless there is clear legal background support for information sharing). WSO2 IS shares user attributes with other applications in the form of security tokens such as SAML2, OpenID Connect IDToken, or JWT, and all of this user information sharing is based on consent. The following points give a high-level description of how this use case is supported in WSO2 IS.

  • The identity administrator of an organization can define purposes and user attributes for each purpose on a service-provider basis using the WSO2 IS admin console or via WSO2 remote APIs.

  • When sharing the user attributes during flows such as SAML SSO and OpenID Connect SSO, WSO2 IS prompts the consent screen to appear. The sharing of user attributes through security tokens is based on the consent that the user approves at this point. 

  • Users can review or revoke existing consent by logging in to the WSO2 IS end user dashboard (self-care portal).  

Tip

For more information and instructions for setting up this use case, see Consent Management with Single-Sign-On.

Manage consents that belong to third-party applications

WSO2 IS can be used to manage consents that belong to third-party applications and services. To do this, third-party applications can integrate with WSO2 IS using the consent REST APIs and other admin APIs provided by WSO2 IS. Note that generating and handling consent UIs for third-party applications cannot be supported in WSO2 IS, as it is considered the responsibility of the relevant third-party application to provide consent management UI facilities for its end users.

Tip

For more information and instructions for setting up this use case, see Using the Consent Management REST APIs.

Support for Kantara consent receipt (draft) specification

A consent receipt is a representation of the consent provided by a person at the point they agree to share personal information with an external party. WSO2 IS consent REST APIs support the specification provided in the Kantara consent receipt 1.1.0 (7th draft) version. For more information, see Kantara Consent Receipt Specification.

Tip

For more information and instructions for setting up this use case, see Using the Consent Management REST APIs.
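
The consent check that a data processing application performs before processing (first use case above) can be expressed as a fail-closed gate over a consent receipt. The following is an added example, not WSO2 code: the receipt is constructed, it uses Kantara Consent Receipt v1.1 field names, and the `state` field and the function names are assumptions; the payload returned by the WSO2 IS consent REST API may be shaped differently.

```python
import json

# Constructed sample receipt using Kantara Consent Receipt v1.1 field names.
# "state" is NOT a Kantara field; it is assumed here to carry revocation status.
SAMPLE_RECEIPT = json.loads("""
{
  "version": "KI-CR-v1.1.0",
  "consentReceiptID": "00000000-0000-0000-0000-000000000001",
  "piiPrincipalId": "alice",
  "state": "ACTIVE",
  "services": [
    {"service": "newsletter-app",
     "purposes": [
       {"purpose": "Marketing", "consentType": "EXPLICIT",
        "piiCategory": ["email", "given_name"]},
       {"purpose": "Analytics", "consentType": "EXPLICIT",
        "piiCategory": ["country"]}
     ]}
  ]
}
""")


def consented_attributes(receipt, principal, service, purpose):
    """Return the PII categories consented for (service, purpose).

    Fails closed: a malformed receipt, a different principal, or a
    receipt that is not ACTIVE (e.g. revoked) yields an empty set.
    """
    if not isinstance(receipt, dict):
        return set()
    if receipt.get("piiPrincipalId") != principal:
        return set()
    if receipt.get("state") != "ACTIVE":
        return set()
    allowed = set()
    for svc in receipt.get("services") or []:
        if not isinstance(svc, dict) or svc.get("service") != service:
            continue
        for p in svc.get("purposes") or []:
            if isinstance(p, dict) and p.get("purpose") == purpose:
                allowed.update(p.get("piiCategory") or [])
    return allowed


def may_process(receipt, principal, service, purpose, attributes):
    """True only if every requested attribute is covered by consent."""
    requested = set(attributes)
    allowed = consented_attributes(receipt, principal, service, purpose)
    return bool(requested) and requested <= allowed
```

Consent is scoped per purpose, so an attribute approved for one purpose (here `country` for Analytics) does not authorize its use under another.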