User data privacy protection

SiX IDaaS & IAM deploy a privacy-by-design framework for both platform-provisioned and federated IdPs, empowering granular user data governance through OAuth 2.0 scopes, where IdP administrators enforce strict JWT claims validation to ensure client applications only access explicitly consented user data.

Step to enable consent process

• Create the OAuth client from console:
  On SiX IDaaS & IAM console, during OAuth client registration, administrators can enable the 'Require explicit authorization consent?' configuration option to enforce granular authorization prompts for each scope request.
• User consent to share the scopes:
• IdP owner should further verify the request from client for the user data: IdP owner should only share the user data in the JWT scopes claim.