KS Fiks
This document outlines the necessary steps you must take to prepare for the integration between eADM and the KS Fiks platform. Following these steps will ensure a smooth setup process.
Overview
The integration between eAdm and KS Fiks automates user and role management within the KS Fiks platform. It provisions users by creating, maintaining, and deactivating them based on rules in eAdm.
Users are provisioned to the centralized user administration, which can be used for several of the services in the Fiks platform. The primary focus for the integration was initially Fiks Register, but the user provisioning described here also applies to KS Kunnskap.
User roles in Fiks Register are assigned by managing their membership in specific groups. The integration can either synchronize with existing groups or create new ones as needed.
Preparatory steps
Before Identum can begin the technical configuration, you must provide the following:
Step 1: Grant System Access and Generate API Token
To grant eADM access to create users, you must generate an API token from the KS Fiks administration portal.
Log in to the KS Fiks configuration portal (https://forvaltning.fiks.ks.no).
Navigate to Brukeradministrasjon → Import av brukere (User Management).
Click + Legg til ekstern kilde (+ Add external source).
Select Entra ID.
Note: Although you select Entra, this is not a integration with Entra for this purpose. Enter any value as the tenant ID; the choice does not impact the integration's function.
After creating the source, the system will display two values (an ID and a token).
Warning: Securely save both values. Send these to your Identum contact through a secure password sharing service.
Step 2: Coordinate Activation of External User Management in Fiks Register
After you generate the access key, you will possibly see a warning about activating external user management.
Warning: Activating "ekstern brukerstyring" (external user management) will remove all existing permissions for current roles. To avoid service disruption, do not activate this feature immediately. You must coordinate carefully with your Identum consultant to plan the exact timing for activation. We recommend you first download the overview of existing role permissions to use as a reference.
Step 3: Define Roles and Groups (Optional - only for Fiks Register)
This is step is only required for integration will Fiks Register.
You must determine which roles and groups in KS Fiks Register will be managed by Identum. The groups a user belongs to will define the roles they are assigned.
For existing groups: If you want eADM to manage membership for existing groups, you must provide us with the group names and the rules for membership (e.g., specific individuals or rules based on department/position).
For new groups: We must create a group in eADM with an identical name and a corresponding rule set to correctly link to the group in KS Fiks Register.
You can either perform the group creation in eADM yourself or delegate it to Identum.
Step 4: Create Groups in eAdm (Optional - only for Fiks Register)
If you choose to create the groups in eAdm yourself, use the group wizard and follow these guidelines:
Description: Set a logical, human-readable name in the "Description" field. This will be the group's display name in both eAdm and KS Fiks.
SourceID and Name: Use a naming convention that clearly identifies the group's purpose and distinguishes it from standard AD groups. Using a consistent prefix is recommended (e.g.,
Fiks-Tilgang-Folkeregister-Helse_Vaksinering).Parent: You must set the Parent ("Underlagt") field to
ksfiks. This is used by the synchronization rules to identify which groups to export.
Step 5: Final Verification and Activation (Optional - only for Fiks Register)
Once the roles are mapped and the groups are configured in eAdm, notify your Identum consultant.
Before activating the integration, Identum will send you an overview of the users and groups that are ready to be exported. This allows you to verify that the correct data will be transferred before the final activation.