Identity and Access Management (IAM) Research Participant Portal • Offers external stakeholders a unique entry point for the interactions with the European Commission or Agencies.
Download ReportTranscript Identity and Access Management (IAM) Research Participant Portal • Offers external stakeholders a unique entry point for the interactions with the European Commission or Agencies.
Identity and Access Management (IAM) Research Participant Portal • Offers external stakeholders a unique entry point for the interactions with the European Commission or Agencies in handling grant-related actions, based on - single sign-on (ECAS) - role-based authorization (Identity and access management – IAM) Result: personalised services on the Portal • Access to legal entity registration, negotiation, amendments, financial and scientific reporting, expert services (soon). • Brings homogeneity, transparency and better service integration for grant management. NEXT Objectives of the role management (1/2) • The Identity and Access Management allows us to define and/or manage changes of access rights of users of the Participant Portal. • It gives personalised access to the different services. • It allows flexible and quick management of access rights to the electronic tools on the Portal with high security. • Any change in the roles of the users is saved to allow a monitoring & tracking service. NEXT Objectives of the role management (2/2) • Unique identifier of persons: ECAS account (European Commission Authentication System). Secure, ” single sign-on” approach : 1 e-mail address = 1 person = 1 ECAS account leads to the different grant or organisation-related actions • Unique identifier of entities: the 9-digit PIC number. • It requires minimal involvement by the internal staff allowing for flexibility for managing the consortium: only the top roles are defined by internal staff (Primary Coordinator Contact and the LEAR). Set Coordinator Contact in NEF ‘ Participant Portal Coordinator contact’ Contact persons Administrative and scientific contacts for the grant E-mail Participant A Coordinating Participant CoCo 1 Participant Contacts PaCo A.Rep Scien Admin Finan A.Admin Scien Admin Finan A.Rep Scien Admin Finan Scien Admin Finan LEAR Account Admin. 1 PaCo Named Representat. Scien Admin Finan Team Members NEXT 1 Coordinator Contact Task Managers Participant B Scien Admin Finan Scien Admin Finan Scien Admin Finan Scien Admin Finan 1 1 1 LEAR LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin A.Rep A.Admin The current pyramid of roles. A.Admin A.Admin Participant A Coordinating Participant CoCo 1 Participant Contacts PaCo A.Rep Scien Admin Finan Scien Admin Finan A.Rep Scien Admin Finan Scien Admin Finan A.Rep Scien Admin Finan Changes in the new version of the identity and role management Scien Admin Finan Scien Admin Finan Scien Admin Finan LEAR Account Admin. 1 PaCo Named Representat. Scien Admin Finan Team Members NEXT 1 Coordinator Contact Task Managers Participant B A.Admin 1 1 1 LEAR LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin Participant A Coordinating Participant CoCo 1 Participant Contacts PaCo A.Rep Scien Admin Finan A.Rep Scien Admin Finan A.Rep More Coordinator ContactsScien Admin Finan Scien Admin Finan and Participant Contacts Scien Admin Finan Scien Admin Finan LEAR Account Admin. 1 PaCo Named Representat. Scien Admin Finan Team Members NEXT 1 Coordinator Contact Task Managers Participant B A.Admin Scien Admin Finan Scien Admin Finan 1 1 1 LEAR LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin Participant A Coordinator Contact Participant Contacts Named Representat. Task Managers Team Members Participant B CoCo CoCo CoCo PaCo PaCo PaCo PaCo PaCo Task Managers and Team Members are no longer restricted Scien Admin Finan A.Rep Scien Admin Finan A.Rep Scien Admin Finan A.Rep to specific scope(s). PaCo More Coordinator Contacts Scien Admin Finan Scien Admin Finan and Participant Contacts Task M. Admin Task M. Task M. Scien Finan Team Mb Team Mb Team Mb Scien Admin Finan LEAR Account Admin. Coordinating Participant A.Admin Task M. Task M. Task M. Team Mb Team Mb Team Mb Scien Admin Finan Task M. Task M. Task M. Team Mb Team Mb Team Mb Scien Admin Finan 1 1 1 LEAR LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Participant A Coordinator Contact Participant Contacts Coordinating Participant Participant B CoCo CoCo CoCo PaCo PaCo PaCo PaCo Named Representat. PaCo Task M. PaCo Scien Admin Finan PaCo A.Rep Task M. CoCo Scien Admin Finan CoCo A.Rep CoCo PaCo PaCo Task M. PaCo Scien Admin Finan PaCo A.Rep PaCo Task Managers Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb LEAR Account Admin. A.Admin Task M. Task M. Task M. Team Mb Team Mb Team Mb Task M. Task M. Task M. Team Mb Team Mb Team Mb 1 1 1 LEAR LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Participant A Coordinator Contact Participant Contacts Coordinating Participant Participant Experts B CoCo CoCo CoCo PaCo PaCo PaCo PaCo PaCo PaCo Reviewer Reviewer Reviewer Task Managers Activation The roles of Named non-participant & Authorised roles: Representatives Reviewer andare Rapporteur redistributed Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb LEAR Account Admin. A.Admin Task M. Task M. Task M. Team Mb Team Mb Team Mb Task M. Task Rapport. M. Task M. Team Mb Team Mb Team Mb 1 1 1 LEAR LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Participant A Coordinator Contact Participant Contacts Coordinating Participant Experts CoCo CoCo CoCo PaCo PaCo PaCo Reviewer Reviewer Reviewer Task Managers Activation of non-participant roles: Reviewer and Rapporteur Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb LEAR Account Admin. A.Admin Task M. Task M. Task M. Team Mb Team Mb Team Mb 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin Which brings us to the new version of IAM… Rapport. NEXT Major changes of the new version (1/2) The major objective of the new version is to simplify the role management and make it more flexible. In that perspective, the following changes are made: 1. The uniqueness of the Coordinator and Participant Contacts disappear: → one Primary Coordinator Contact as the main contact for the European Commission; → more Coordinator Contacts can be nominated per project; → more Participant Contacts can be nominated per organisation in a project. Major changes of the new version (2/2) 2. Task Managers and Team Members are no longer restricted to specific scope(s). 3. The roles of Named Representatives are redistributed: → Former Financial and Scientific Named Representatives, and Authorised Representatives automatically become Participant Contacts (Coordinator Contacts for the Coordinating Participant). → Former Administrative/Legal Named Representatives automatically become Task Managers. → Former Authorised Signatories automatically become Participant Contacts as well. 4. Those using the new URF version to register an organisation for a PIC, will have a self-registrant role. XXXXXXX XXXXX XXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXX XXXXX XXXXX XXXXXX XXXXXX XXXXXX Roles at Organisation level Roles at Project level Edit View Project View roles details in the Project Consortium XXXXXXX XXXXX XXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXX XXXXX XXXXX XXXXXX XXXXXX XXXXXX The list of roles will be changed automatically with the new IAM The nomination process “How can I give access to my colleagues?” “How can I revoke the rights of colleagues who left the organisation?” “Original roles” Some roles are automatically provisioned in the early stages of the Project (“original roles”) as follows : • The Coordinator Contact identified in the proposal will be recognised by the Commission as the Primary Coordinator Contact. • The contact persons of the participating organisations identified during proposal submission will become Participant Contacts at the beginning of negotiations. • The LEAR is validated by the Commission during the validation process of his/her organisation. The nomination process • Except for the Primary Coordinator Contact and the LEAR, every role must be modified by the Participants. • Each user can be nominated or revoked by another user following a fixed predetermined pattern. Let’s review the nomination/revocation process. NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Organisation Participant A PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Organisation Participant A PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Organisation Participant A PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Organisation Participant A PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Organisation Participant A PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Task Managers Organisation Team Members Participant A PaCo PaCo PaCo Only the key roles of the LEAR and Primary Coordinator Contact are defined/modified by the Commission. Task M. Task M. Task M. Task M. Task M. Task M. Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin NEXT Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Task Managers Organisation Team Members Participant A PaCo PaCo PaCo Only the key roles of the LEAR and Primary Coordinator Contact are defined/modified by the Commission. Task M. Task M. Task M. Task M. Task M. Task M. Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin XXXX XXXX View roles in the Project The list of roles will be changed automatically with the new IAM. These new roles may need to be modified. XXXXXXXXX XXXXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXXXXXXXXXX XXXXXX XXXXXXXXX XXXXXXXXXX XXXXXX Add or revoke roles in the Project LEARs will also see the list of proposals submitted. Add a new role for the Project XXXX XXXX Edit Consortium function: available for the Primary Coordinator Contact only XXXXX XXXXX XXX XXXXXX XXXXX XXXXXX XXXXXXX Edit Participant Contact details. XXXXX XXXXX XXX XXXXXX XXXXX XXXXXX XXXXXXX XXXXXXXXXXXXXXXX XXXXXX XXXXXXXX The organisation appears in the “My Organisations” tab Those who obtained a selfregistrant role, will access their data in URF from here. XXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXX XXXXX XXXXXXXXXXXX XXXXXXXXXXXXXXXXXXX XXXXX XXXXXXXXXXXXX XXXXXXXXXXXXXXX XXXXX XXXXXXXXXXXXX XXXXXXXXXXXXXX XXXXX XXXXXXXXXXXXX XXXXXXXXXXX XXXXX XXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXX XXXXXXXXXXXXX XXXXXXXXXXXXXX XXXXX XXXXXXXXXXXX XXXX XXXXXXXXX XXXXXXXXXXXXXX XXXXX XXXXXXXXXXXX XXXXX XXXXXXXXX XXXXXXXXXXXXXXX XXXXX LEARs can view the roles within the organisation. LEARs will see the project list of the entity. Access rights for each role Each person within this pyramid has different access rights according to his/her own role, and according to the state of the project. Let’s review these rights for each role. Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Organisation Participant A PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb LEAR Account Administrator A.Admin 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin A.Admin Project Coordinating Participant Coordinator Contacts Participant Contacts • • Organisation • • • • CoCo CoCo Participant A CoCo PaCo PaCo PaCo The Primary Coordinator Contact: TheTask contact person entityTask identified proposal is Task M. of the Taskcoordinating M. Task M. M. Task in M. theTask M. Managers automatically transferred as the Primary Coordinator Contact; (s)he is the primary point of contact between the Commission and the Consortium for negotiations. TheTeam Primary Coordinator Contact canMbonly beTeam revoked orMbmodified Team Mb Team Mb Team Mb Team Team Mbby the Members Commission. The Primary Coordinator Contact can nominate and revoke Coordinator Contacts, 1 Task Managers and Team1 Members within his/her organisation. LEAR Participants Contacts TheLEAR Primary CoordinatorLEAR Contact can nominate and revoke for any organisation in the consortium. TheAccount Primary Coordinator Contact has read and write access to all electronic tools, A.Admin A.Admin A.Admin A.Admin Administrator to the forms ofA.Admin his/her organisation and to the common formsA.Admin of the consortium. The Primary Coordinator Contact can submit forms to the European Commission. Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Task Managers Organisation • • • • Task M. Task M. Participant A Task M. PaCo PaCo PaCo Task M. Task M. Task M. Coordinator Contacts: Team Mb Team Mb Team Mb Team Mb All Coordinator Contacts can nominate and revoke other Coordinator Contacts within their organisation; all the nominated Coordinator Contacts have similar rights. 1 1 LEAR All LEAR Coordinator ContactsLEAR can nominate and revoke Task Managers and Team Members within their organisation. All Account Coordinator Contacts have read and write access to all electronic tools, A.Admin A.Admin A.Admin A.Admin A.Admin Administrator to their own forms and to the common formsA.Admin of the consortium. All Coordinator Contacts can submit forms to the European Commission. Team Members Team Mb Team Mb Project Coordinating Participant Coordinator Contacts CoCo CoCo CoCo Participant Contacts Task Managers • Organisation • • • • Task M. Task M. Participant A Task M. PaCo PaCo PaCo Task M. Task M. Task M. Participant Contacts: TheTeam Participant Contacts are nominated to represent the organisation Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb Members within the consortium. There is at least one Participant Contact per organisation, with a maximum of 5 Participant Contacts 1 per organisation, but there can 1 be more than 5 with the migration of roles for organisations which areLEAR already registered. LEAR LEAR All Participant Contacts can nominate and revoke other Participant Contacts, Task Managers and Team Members within his/her organisation. Account A.Admin A.Admin A.Admin All Administrator Participant Contacts have readA.Admin and write A.Admin access toA.Admin their organisation’s forms. All Participant Contacts can submit forms to the Coordinator Contacts. Project Coordinating Participant Coordinator Contacts CoCo CoCo Participant A CoCo Participant Contacts PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb Task Managers: Organisation 1Task Manager(s) per organisation. 1 • There may be one or more LEAR LEAR LEAR • Task Managers are nominated by their Participant Contacts. • Task Managers can create and update forms of their organisation andAccount submit to the Participant A.Admin Contacts. A.Admin A.Admin A.Admin A.Admin A.Admin Administrator • Task Managers cannot delegate the role further or any of their rights. Project Coordinating Participant Coordinator Contacts CoCo CoCo Participant A CoCo Participant Contacts PaCo PaCo PaCo Task Managers Task M. Task M. Task M. Task M. Task M. Task M. Team Members Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb Organisation 1 LEAR LEAR 1 Team Members: LEAR • Team Members are nominated by the Participant Contacts. Account A.Admin access A.Admin A.Admin A.Admin read-only. A.Admin • Team MembersA.Admin have limited rights: search, Administrator • Team Members cannot delegate the role further or any of their rights. Project Coordinating Participant The LEAR: Participant A • The LEAR can access the list of roles/persons representing his/her organisation in Projects and the Project list of his/her organisation. Coordinator CoCo CoCo CoCo Contacts • TheParticipant LEAR may request to revoke users from roles within his/her organisation PaCo PaCo e.g.Contacts by asking a Coordinator Contact or a Participant Contact toPaCo revoke a role. • The LEAR can only be revoked or modified by the Commission. • TheTask LEAR is reponsible for the updates of theTask organisation-related data, can Task M. Task M. Task M. M. Task M. Task M. Managers request (online) the modification of such data, and upload supporting documents. Organisation Team Members Team Mb LEAR Account Administrator A.Admin Team Mb Team Mb Team Mb Team Mb 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin Team Mb A.Admin Project CoordinatingThe Participant Participant A Account Administrator: • There may be one or more Account Administrator(s) within an organisation Coordinator by the LEAR of the organisation). (nominated CoCo CoCo Contacts CoCo • All Participant Account Administrators may access the list of roles/persons representing PaCo PaCo Contactsorganisation in Projects and the Project his/her list ofPaCo their organisation. • All Account Administrators can request (online) the update of the organisationrelated data. Task Task M. Task M. Task M. Task M. Task M. Task M. Managers • All Account Administrators may request to revoke users from roles within their organisation e.g.Team by asking a Coordinator Contactor a Participant Contact to revoke a role. Organisation Members Team Mb LEAR Account Administrator A.Admin Team Mb Team Mb Team Mb Team Mb 1 1 LEAR LEAR A.Admin A.Admin A.Admin A.Admin Team Mb A.Admin NEXT Project roles: summary CoCo CoCo PaCo Task M. • Nominate and revoke Participant Contacts for any participating organisation. • In addition, all rights listed under the Coordinator Contacts. • • • • • Nominate and revoke other Coordinator Contacts; Read/write access to own and common forms; Submit to European Commission/Agency; In addition, all rights listed under the Participant Contacts. Nominate and revoke Participant Contacts, Task Managers and Team Members within their organisation; • Read/write access to own forms; • Submit to the Coordinator Contacts; • In addition, the rights listed under the Task Managers. • Create and update forms; • In addition, rights listed under the Team Members. • Read-only access Team Mb NEXT Organisation roles: summary 1 LEAR A.Admin • Nominate and revoke Account Administrators within their organisation • In addition, all rights listed under the Account Administrator. • Access the list of roles/persons representing their organisation • Access their organisation’s list of Projects and their summaries • May request to revoke users from roles within his/her organisation Access rights for each step of the project Now that we have a better idea of the general scheme, let’s review the possibilities of the different roles at each step of the project. Proposal submission Negotiation Registration Grant agreement signature Reports Amendments End of the project Access rights for proposal submission • Currently, the proposal submission (EPSS) is outside the Participant Portal, but certain roles are provisioned automatically. • In the future, roles will be integrated in the proposal submission phase (SEP). • SEP: Coordinators and participant contacts will be able to provision the roles at this stage in the proposal submission system. Proposal submission Negotiation Registration Grant agreement signature Reports Amendments End of the project Access rights for negotiations • Read-only rights to all negotiation-related data: CoCo CoCo PaCo Task M. Team Mb • Draft and validate own forms: CoCo • Draft and validate common forms: CoCo CoCo PaCo Task M. CoCo • Submit data on behalf of the whole consortium to the Commission: CoCo Proposal submission Negotiation Registration CoCo Grant agreement signature Reports Amendments End of the project Access rights for amendments • Initiate an action: CoCo CoCo • Read-only rights to all amendment-related data: CoCo CoCo PaCo Task M. Team Mb • Draft and validate their forms: CoCo • Draft and validate common forms: CoCo CoCo PaCo Task M. CoCo • Submit data on behalf of the whole consortium to the Commission: CoCo Proposal submission Negotiation Registration CoCo Grant agreement signature Reports Amendments End of the project Access rights for financial reports (1/2) (Form C, CFS, financial summary) • Read-only rights to their Forms C/CFS: CoCo CoCo PaCo Task M. Team Mb • Draft and upload their Forms C/CFS: CoCo CoCo PaCo Task M. • Read-only rights to the financial summary: CoCo Proposal submission CoCo Reviewer Negotiation Registration Grant agreement signature Reports Amendments End of the project Access rights for financial reports (2/2) (Form C, CFS, financial summary) • Read-only rights to all participants’ Forms C/CFS: CoCo CoCo Reviewer • Submit to the Coordinator Contacts: • Submit to the European Commission: Proposal submission Negotiation Registration Grant agreement signature PaCo CoCo CoCo Reports Amendments End of the project Access rights for scientific reports (1/2) • Read-only rights to their forms & documents: CoCo CoCo PaCo Task M. Team Mb • Draft and upload their forms & documents: CoCo CoCo PaCo Task M. • Read-only rights to common forms & documents: CoCo CoCo PaCo Task M. Team Mb • Draft and upload common forms & documents: CoCo Proposal submission CoCo PaCo Task M. Negotiation Registration Grant agreement signature Reports Amendments End of the project Access rights for scientific reports (2/2) • Read-only rights to all participants’ forms: CoCo CoCo Reviewer Rapport. • Read-only rights to all participants’ deliverables: CoCo CoCo PaCo Task M. Team Mb Reviewer Rapport. • Draft and upload all participants’ deliverables: CoCo CoCo PaCo Task M. • Submit to the Coordinator Contacts: PaCo • Submit to the European Commission: Proposal submission Negotiation Registration Grant agreement signature CoCo CoCo Reports Amendments End of the project Access rights for reviews (1/2) • Read-only rights to review forms & documents: Reviewer Rapport. • Draft and upload their review forms & documents: Reviewer • Submit review: Reviewer • Review all sessions: Reviewer Proposal submission Negotiation Registration Grant agreement signature Reports Amendments End of the project Access rights for reviews (2/2) • Read-only rights to consolidated review forms & documents: Rapport. • Draft and upload consolidated review forms & documents: Rapport. • Submit consolidated review: Proposal submission Negotiation Registration Rapport. Grant agreement signature Reports Amendments End of the project Access rights for the organisation • View and update the organisation’s data: 1 LEAR • Upload / download / update documents regarding the organisation: A.Admin 1 LEAR A.Admin • NEW: Self-registrants have access to their data until a LEAR is appointed for the PIC. Proposal submission Negotiation Registration Grant agreement signature Reports Amendments End of the project