KS Fiks

With the Fiks platform, the municipal sector can communicate across administrative levels and national specialist sectors—contributing key building blocks to the national ecosystem for digital collaboration. The Fiks platform is a central, shared service platform for Norwegian municipalities and county councils. It consists of common components and digital services, providing suppliers with a framework to adhere to as a standard for the municipal sector. This supports their ability to scale and reuse solutions across municipalities.

KS Fiks paves the way for integrated user management, a capability that Identum eADM has utilised. When new users are added, or existing users are modified or deleted in eADM, the integration will automatically update KS Fiks. The integration also enables the use of groups for access management. It is possible to grant one or more groups access to a service, and subsequently add or remove individuals from this group in eADM—either automatically based on rules or manually, for example, by managers.

Another key benefit is that when a person leaves or no longer has a professional requirement for access, eADM will automatically revoke the user’s access rights. This ensures that permissions are always up to date and that security is safeguarded.

Read more about the KS Fiks platform here: https://ksdigital.no/tjenestene/fiks-plattformen/

eADM KS Fiks integration setup

Before Identum can begin the technical configuration on their side, you must provide the following:

Step 1: Grant System Access and Generate API Token

To grant eADM access to create users, you must generate an API token from the KS Fiks administration portal.

1. Log in to the KS Fiks configuration portal (https://forvaltning.fiks.ks.no) with Bank-ID.

2. Navigate to Brukeradministrasjon → Import av brukere (User Management).

3. Click + Legg til ekstern kilde (+ Add external source).

4. Select Entra ID / Azure AD legg til TenantID (se Note nedenfor bilde) og kopier token før du avslutter.

Note: Although you select Entra, this is not a integration with Entra for this purpose. Enter any value as the tenant ID; the choice does not impact the integration's function.

5. After creating the source, the system will display a token). Send the token to your Identum contact through a secure password sharing service.

Step 2: Send Identum the neccessary information

• Token from step 1

• Do you have existing users in KS Fiks? If yes, then we need to know which field in KS Fiks we should use for merging with existing users:

  • If they are synced in from Entra ID, then please let us know and check that UPN in Entra ID is mapped to UserName in KS Fiks: https://ksdigital.no/tjenestene/ks-kunnskap/slik-flytter-vi-til-ks-kunnskap/teknisk-informasjon/sentralisert-brukerstyring/#endre-2

  • If they are manually created, plese let us know if the users have socialsecuritynumber in their KS Fiks account or if you have added correct UPN to the username field.

• Which login do you want to use, Entra ID, ID-porten or both? Default is both.

Once we have finished the setup on our end, we will get in touch with you to coordinate activation date.

Note that if you have an existing integration with Entra ID it must be deactivated before the Identum KS Fiks integration is activated.

The following steps are optional and only neccessary if you want eADM to assign roles in Fiks Register

Step 3: Coordinate Activation of External User Management in Fiks Register

After you generate the access key, you will possibly see a warning about activating external user management.

Warning: Activating "ekstern brukerstyring" (external user management) will remove all existing permissions for current roles. To avoid service disruption, do not activate this feature immediately. You must coordinate carefully with your Identum consultant to plan the exact timing for activation. We recommend you first download the overview of existing role permissions to use as a reference.

Step 4: Define Roles and Groups (Optional - only for Fiks Register)

This is step is only required for integration will Fiks Register.
You must determine which roles and groups in KS Fiks Register will be managed by Identum. The groups a user belongs to will define the roles they are assigned.

• For existing groups: If you want eADM to manage membership for existing groups, you must provide us with the group names and the rules for membership (e.g., specific individuals or rules based on department/position).

  For new groups: We must create a group in eADM with an identical name and a corresponding rule set to correctly link to the group in KS Fiks Register.

You can either perform the group creation in eADM yourself or delegate it to Identum.

Step 5: Create Groups in eAdm (Optional - only for Fiks Register)

If you choose to create the groups in eAdm yourself, use the group wizard and follow these guidelines:

• Description: Set a logical, human-readable name in the "Description" field. This will be the group's display name in both eAdm and KS Fiks.

• SourceID and Name: Use a naming convention that clearly identifies the group's purpose and distinguishes it from standard AD groups. Using a consistent prefix is recommended (e.g.,

  Fiks-Tilgang-Folkeregister-Helse_Vaksinering).

• Parent: You must set the Parent ("Underlagt") field to ksfiks. This is used by the synchronization rules to identify which groups to export.

Step 6: Final Verification and Activation (Optional - only for Fiks Register)

Once the roles are mapped and the groups are configured in eAdm, notify your Identum consultant.

Before activating the integration, Identum will send you an overview of the users and groups that are ready to be exported. This allows you to verify that the correct data will be transferred before the final activation.