Altinn Nøtt (accurate and facilitated access management)

[sorensensig]

Description

User needs More easily be able to:

• navigate back and forth in the solution
• locate relevant information
• give and receive access rights
• clean up outdated access rights

Study Participant pool: 10 Interviews. Who: Representatives from small, medium and large organisations across three industries. Topic: Access management. Goal: Understand the problems surrounding the current access management functionality and gain insight into the desired future functionality. Research question: "Can a facilitative and accurate access management simplify the workflow - and be perceived as reassuring for the user?". Main Hypothesis: "The need for services in a role varies based on the company's size and industry.".

Our preliminary user research identified issues in connection to

1. navigating the solution and locate information,
2. give and receive access rights, and
3. cleaning up outdated access rights.

Background This study builds upon the findings of two previous studies: 1.HELT "Helhetlig Tilgangsstyring" (holistic access management) taking a broad look at access management in Altinn and 2. "oppgavebasert tilgangsstyring" (task-based access management) narrowing down the focus to the tasks of which organisations is required to complete by government.

Concept This epic introduces the concept of access groups in a new centralised dashboard as a way of giving users a better overview of who has which access rights. The dashboard will also help facilitate easy clean up of outdated access rights. At the same time, the ideas and concepts from "oppgavebasert tilgangsstyring" are drawn upon to support the centralised dashboard through decentralised functionality, such as in-context access management and display of relevant information.

---

In scope

This epic includes changes in the following areas:

Profile The content of the profile page will be in part rebuilt in a new dashboard or moved to a settings view.

• Your contact information for the enterprise Moves to a settings view

• Notification addresses for the enterprise Moves to a settings view

• Forms and services you have rights to Rebuilt in the new dashboard

• Others with rights to the organisation Rebuilt in the new dashboard

• Rights the organisation has with others To be decided

• The organisation's requests Rebuilt in the new dashboard

• Advanced settings Moves to a settings view

Inbox Ideas and concepts from "oppgavebasert tilgangsstyring" concerning the inbox will be adjusted to fit with the access group concept and re-introduced as part of the suggested outcome of this epic.

All forms Ideas and concepts from "oppgavebasert tilgangsstyring" concerning the forms will be adjusted to fit with the access group concept and re-introduced as part of the suggested outcome of this epic. Moreover, a new hierarchy for services is introduced to match the access groups.

---

Out of scope

This epic is limited to business end-users and will not affect the private end-user experience. Moreover, functionality such as power of attorney, guardianship and consent, which are closely related to access management, is not part of this epic.

---

Additional Information

Design Process

Discovery Prior to conducting user research, the team looked through previous work in "HELT" and "oppgavebasert tilgangsstyring". From these insights 14 hypotheses were made to explore and validate assumptions about which part of the solution we needed to focus on. 10 interviews were then conducted with stakeholders across three industries spanning small, medium and large organisations.

Define Utilising the Google sprint kit, the team explored various alternative solutions to our findings, constructed early design principles and defined a path going forward.

Develop The team is currently developing a prototype spanning a multitude of scenarios and personas, aiming to test in Q4 22.

Deliver Will be announced at a later stage.

Design Principles (current)

Clear language

• Makes use of data.norge.no term dictionary

Highlight what's relevant

• Collapses less relevant content
• Shows info in context

Service owner involvement

• Builds in feedback loops for service owner involvement

Connected services

• Facilitates connected services and life events

API

• Actively consumes our own APIs

Empower access managers

• Describes services in a way that gives access managers a better foundation for making good decisions

Privacy and law

• Supports privacy at every level
• In accordance to law

Løsningen er støttende

• Informs and supports the user in making good decisions
• Automates what should be automated

Event focused

• Suggests user flows from relevant changes and notifications since last visit
• Limits required usage to when there is a clear need

Traceability

• Shows what has been done by whom
• Facilitates transparency

---

Tasks

Features

-- coming soon --

User Stories

-- coming soon --

Analysis

• [ ] #85 admin tech legal design
• [x] #87 tech
• [ ] #89 admin design
• [ ] #90 (tech) (design) (admin) (legal)
• [ ] #108 (admin)
• [ ] #109 (design) (admin) (legal)
• [ ] #110 (design) (admin) (tech)
• [ ] #111 (design) (admin) (legal)
• [ ] #114 (design)
• [ ] #115 (design)

Clarification

• [ ] #83 admin legal
• [ ] #88 tech
• [ ] #112 admin

Out of scope, but relevant

• [ ] #84 admin tech

[sivaglen]

Innspill fra support: https://github.com/Altinn/altinn-authorization/issues/326 Endringsønske fra NFK - Nordland fylkeskommune [https://github.com/https://github.com/Altinn/altinn-support-private/issues/1126] Ønsker mulighet til å alfabetisere underenheter på "hoved"-organisasjonsnumre som vi har i Nordlan fylkeskommune. Dette vil lette arbeidet, spesielt for arkivarer betraktelig. Se skjermdump på opprinnelig supportsak.

[annerisbakk]

@rtafj Gjennomgang for å avklare hva som gjenstår - rydding!