Identity and Access Management (IAM). Research Participant Portal Offers external stakeholders a unique entry point for the interactions with the European.

Identity and Access Management (IAM)

Research Participant Portal

• Offers external stakeholders a unique entry point for the interactions with the European Commission or Agencies in handling grant-related actions, based on

- single sign-on (ECAS) - role-based authorization (Identity and access management – IAM)

Result: personalised services on the Portal• Access to legal entity registration, negotiation, amendments, financial and scientific reporting, expert services (soon). • Brings homogeneity, transparency and better service integration for grant management.

http://ec.europa.eu/research/participants/portal/page/home

Objectives of the role management (1/2)

• The Identity and Access Management allows us to define and/or manage changes of access rights of users of the Participant Portal.

• It gives personalised access to the different services.

• It allows flexible and quick management of access rights to the electronic tools on the Portal with high security.

• Any change in the roles of the users is saved to allow a monitoring & tracking service.

NEXT

• Unique identifier of persons: ECAS account (European Commission Authentication System).

Secure, ” single sign-on” approach :1 e-mail address = 1 person = 1 ECAS account

leads to the different grant or organisation-related actions

• Unique identifier of entities: the 9-digit PIC number.

• It requires minimal involvement by the internal staff allowing for flexibility for managing the consortium: only the top roles are defined by internal staff (Primary Coordinator Contact and the LEAR).

NEXT

Objectives of the role management (2/2)

Set Coordinator Contact in NEF

‘ Participant Portal Coordinator contact’

E-mail

Administrative and scientific contactsfor the grant

Contact persons

Scien Admin Finan

Participant B

A.RepA.RepFinanFinanAdminAdminScienScien

LEARLEAR

1

FinanFinanAdminAdminScienScien

CoordinatorContact

ParticipantContacts

NamedRepresentat.

TaskManagers

TeamMembers

LEAR

AccountAdmin.

A.AdminA.Admin A.AdminA.AdminA.AdminA.Admin

Scien Admin Finan

Participant A


LEARLEAR

1

A.AdminA.Admin A.AdminA.Admin


A.AdminA.Admin

PaCoPaCo

1PaCoPaCo

1

Scien Admin Finan

CoCoCoCo

1



LEARLEAR

1


NEXT

The current pyramid of roles.

Coordinating Participant

Scien Admin Finan

Participant B


LEARLEAR

1


CoordinatorContact

ParticipantContacts

NamedRepresentat.

TaskManagers

TeamMembers

LEAR

AccountAdmin.


Scien Admin Finan

Participant A


LEARLEAR

1



A.AdminA.Admin

PaCoPaCo

1PaCoPaCo

1

Scien Admin Finan

CoCoCoCo

1



LEARLEAR

1


NEXT

Changes in the new version of the identity and role management


Scien Admin Finan

Participant B


LEARLEAR

1


CoordinatorContact

ParticipantContacts

NamedRepresentat.

TaskManagers

TeamMembers

LEAR

AccountAdmin.


Scien Admin Finan

Participant A


LEARLEAR

1



A.AdminA.Admin

Scien Admin Finan




LEARLEAR

1


CoCoCoCoCoCoCoCo

1

PaCoPaCo

1CoCoCoCo

PaCoPaCo

CoCoCoCo

PaCoPaCoPaCoPaCoPaCoPaCo

1PaCoPaCoPaCoPaCoPaCoPaCo

NEXT

More Coordinator Contacts and Participant Contacts

Scien Admin FinanScien Admin Finan Scien Admin Finan

Participant B


LEARLEAR

1


CoordinatorContact

ParticipantContacts

TaskManagers

TeamMembers

LEAR

AccountAdmin.


Participant A

A.RepA.Rep

LEARLEAR

1



A.AdminA.Admin


A.RepA.Rep


LEARLEAR

1


FinanFinanAdminAdminScienScien FinanFinanAdminAdminScienScien

CoCoCoCo

PaCoPaCo

CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCoPaCoPaCo PaCoPaCoPaCoPaCo

NamedRepresentat.

NEXT

Team MbTeam Mb Team MbTeam Mb Team MbTeam Mb

Task M.Task M.Task M.Task M.Task M.Task M.




Task M.Task M.Task M.Task M.Task M.Task M.More Coordinator Contacts and Participant Contacts

Task Managers and Team Members are no longer restricted

to specific scope(s).

A.RepA.RepFinanFinanAdminAdminScienScienA.RepA.Rep A.RepA.RepFinanFinanAdminAdminScienScien FinanFinanAdminAdminScienScien

Participant B

LEARLEAR

1

CoordinatorContact

ParticipantContacts

TaskManagers

TeamMembers

LEAR

AccountAdmin.


Participant A

LEARLEAR

1



LEARLEAR

1


CoCoCoCo

PaCoPaCo

CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCoPaCoPaCo PaCoPaCoPaCoPaCo

NamedRepresentat.

NEXT







PaCoPaCoPaCoPaCoTask M.Task M.PaCoPaCoPaCoPaCo CoCoCoCoPaCoPaCoTask M.Task M.PaCoPaCo CoCoCoCoTask M.Task M.CoCoCoCo

CoordinatorContact

ParticipantContacts

LEAR

AccountAdmin.

Participant A

LEARLEAR

1



LEARLEAR

1


CoCoCoCoCoCoCoCo CoCoCoCo

PaCoPaCo PaCoPaCoPaCoPaCo

Experts

ReviewerReviewer ReviewerReviewerReviewerReviewer

Rapport.Rapport.

NEXT

TaskManagers

TeamMembers

Participant B

LEARLEAR

1








Task M.Task M.Task M.Task M.Task M.Task M.The roles of Named & Authorised Representatives are redistributed

Activation of non-participant roles: Reviewer and Rapporteur




Task M.Task M.Task M.Task M.Task M.Task M. Rapport.Rapport.

CoordinatorContact

ParticipantContacts

LEAR

AccountAdmin.

Participant A

LEARLEAR

1



LEARLEAR

1


CoCoCoCoCoCoCoCo CoCoCoCo


Experts

ReviewerReviewer ReviewerReviewerReviewerReviewer

Activation of non-participant roles: Reviewer and Rapporteur

Which brings us to the new version of IAM…

NEXT

TaskManagers

TeamMembers

Major changes of the new version (1/2)

1. The uniqueness of the Coordinator and Participant Contacts disappear:

The major objective of the new version is to simplify the role management and make it more flexible.In that perspective, the following changes are made:

→ one Primary Coordinator Contact as the main contact for the European Commission;

→ more Coordinator Contacts can be nominated per project;

→ more Participant Contacts can be nominated per organisation in a project.

Major changes of the new version (2/2)

2. Task Managers and Team Members are no longer restricted to specific scope(s).

3. The roles of Named Representatives are redistributed:→ Former Financial and Scientific Named Representatives, and Authorised Representatives automatically become Participant Contacts (Coordinator Contacts for the Coordinating Participant).

→ Former Administrative/Legal Named Representatives automatically become Task Managers.

→ Former Authorised Signatories automatically become Participant Contacts as well.

4. Those using the new URF version to register an organisation for a PIC, will have a self-registrant role.

Roles at Organisation level

Roles at Project level

XXXXXXX

XXXXXXXXXXXXXXX

XXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

View Project details

View roles in the Project

Edit Consortium

The list of roles will be changed automatically with the new IAM

XXXXXXX

XXXXXXXXXXXXXXX

XXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The nomination process

“How can I give access to my colleagues?”

“How can I revoke the rights of colleagues who left the organisation?”

“Original roles”

Some roles are automatically provisioned in the early stages of the Project (“original roles”) as follows :

• The Coordinator Contact identified in the proposal will be recognised by the Commission as the Primary Coordinator Contact.

• The contact persons of the participating organisations identified during proposal submission will become Participant Contacts at the beginning of negotiations.

• The LEAR is validated by the Commission during the validation process of his/her organisation.

The nomination process

• Except for the Primary Coordinator Contact and the LEAR, every role must be modified by the Participants.

• Each user can be nominated or revoked by another user following a fixed predetermined pattern.

Let’s review the nomination/revocation process.

Coordinating Participant Participant A

LEARLEAR

1


LEARLEAR

1

A.AdminA.Admin A.AdminA.Admin A.AdminA.AdminA.AdminA.Admin

CoordinatorContacts

ParticipantContacts

LEAR

AccountAdministrator

TaskManagers

TeamMembers Team MbTeam Mb Team MbTeam Mb Team MbTeam Mb Team MbTeam Mb Team MbTeam Mb Team MbTeam Mb

Task M.Task M.Task M.Task M.Task M.Task M.Task M.Task M.Task M.Task M.Task M.Task M.

CoCoCoCo

PaCoPaCo

CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



PaCoPaCo

CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT

CoCoCoCo


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



PaCoPaCo

CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT

CoCoCoCo


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT

CoCoCoCo

PaCoPaCo


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT

CoCoCoCo

PaCoPaCo


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT

CoCoCoCo

PaCoPaCo

Only the key roles of the LEAR and Primary Coordinator Contact

are defined/modified by the Commission.


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

NEXT

CoCoCoCo

PaCoPaCo

Only the key roles of the LEAR and Primary Coordinator Contact

are defined/modified by the Commission.

View roles in the Project

XXXX XXXX

XXXXXXXXX XXXXXXXXXXXX XXXXXX

XXXXXXXXX XXXXXXXXXXXX XXXXXX

XXXXXXXXX XXXXXXXXXXXXXXXXXX XXXXXX

XXXXXXXXX XXXXXXXXXX XXXXXX





The list of roles will be changed automatically with the new IAM.These new roles may need to be

modified.

Add or revoke roles in the Project

LEARs will also see the list of proposals submitted.

Add a new role for the Project

XXXX XXXX

Edit Consortium function: available forthe Primary Coordinator Contact only

XXXXX

XXXXX

XXXXXXXXXXXXXX

XXXXXXXXXXXXX

Edit Participant Contact details.

XXXXX

XXXXX

XXXXXXXXXXXXXX

XXXXXXXXXXXXX

The organisation appears in the “My Organisations” tab

XXXXXXXXXXXXXXXX XXXXXX XXXXXXXX

Those who obtained a self-registrant role, will access

their data in URF from here.

LEARs can view the roles within the organisation.

XXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXX XXXXX

XXXXXXXXXXXX XXXXXXXXXXXXXXXXXXX XXXXX

XXXXXXXXXXXXX XXXXXXXXXXXXXXX XXXXX

XXXXXXXXXXXXX XXXXXXXXXXXXXX XXXXX

XXXXXXXXXXXXX XXXXXXXXXXX XXXXX

XXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXX

XXXXXXXXXXXXX

XXXXXXXXXXXXXXXX

XXXXXXXXXXXXXX XXXXX

XXXXXXXXXXXXXX XXXXX

XXXXXXXXX XXXXXXXXXXXX XXXXX

XXXXXXXXX XXXXXXXXXXXXXXX XXXXX

LEARs will see the project list of the entity.

Access rights for each role

Each person within this pyramid has different access rights according to his/her own role, and according to the state of the project.

Let’s review these rights for each role.


LEARLEAR

1


LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCoCoCo

PaCoPaCo

CoCoCoCo CoCoCoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation


LEAR

1

A.Admin A.Admin

LEAR

1

A.Admin A.Admin A.AdminA.Admin

CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers

TeamMembers Team Mb Team Mb Team Mb Team Mb Team Mb Team Mb


PaCo

CoCoCoCo CoCoCoCo

PaCoPaCo

Proj

ect

Org

anis

ation

The Primary Coordinator Contact:• The contact person of the coordinating entity identified in the proposal is

automatically transferred as the Primary Coordinator Contact; (s)he is the primary point of contact between the Commission and the Consortium for negotiations.

• The Primary Coordinator Contact can only be revoked or modified by the Commission.

• The Primary Coordinator Contact can nominate and revoke Coordinator Contacts, Task Managers and Team Members within his/her organisation.

• The Primary Coordinator Contact can nominate and revoke Participants Contacts for any organisation in the consortium.

• The Primary Coordinator Contact has read and write access to all electronic tools, to the forms of his/her organisation and to the common forms of the consortium.

• The Primary Coordinator Contact can submit forms to the European Commission.

CoCoCoCo


LEAR

1

A.Admin A.Admin

LEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



PaCo

CoCoCoCo CoCoCoCo

PaCoPaCo

Proj

ect

Org

anis

ation

CoCoCoCo

Coordinator Contacts:• All Coordinator Contacts can nominate and revoke other Coordinator Contacts

within their organisation; all the nominated Coordinator Contacts have similar rights.

• All Coordinator Contacts can nominate and revoke Task Managers and Team Members within their organisation.

• All Coordinator Contacts have read and write access to all electronic tools, to their own forms and to the common forms of the consortium.

• All Coordinator Contacts can submit forms to the European Commission.


LEAR

1

A.Admin A.Admin

LEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCo

PaCoPaCo

CoCo CoCo

PaCoPaCoPaCoPaCo

Proj

ect

Org

anis

ation

Participant Contacts:• The Participant Contacts are nominated to represent the organisation

within the consortium. • There is at least one Participant Contact per organisation, with a maximum

of 5 Participant Contacts per organisation, but there can be more than 5 with the migration of roles for organisations which are already registered.

• All Participant Contacts can nominate and revoke other Participant Contacts, Task Managers and Team Members within his/her organisation.

• All Participant Contacts have read and write access to their organisation’s forms.• All Participant Contacts can submit forms to the Coordinator Contacts.


LEAR

1

A.Admin A.Admin

LEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCo

PaCo

CoCo CoCo

PaCoPaCo

Proj

ect

Org

anis

ation

Task Managers:• There may be one or more Task Manager(s) per organisation.• Task Managers are nominated by their Participant Contacts. • Task Managers can create and update forms of their organisation

and submit to the Participant Contacts.• Task Managers cannot delegate the role further or any of their rights.


LEAR

1

A.Admin A.Admin

LEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCo

PaCo

CoCo CoCo

PaCoPaCo

Proj

ect

Org

anis

ation Team Members:

• Team Members are nominated by the Participant Contacts.• Team Members have limited access rights: search, read-only.• Team Members cannot delegate the role further or any of their rights.


LEARLEAR

1

A.Admin A.Admin

LEARLEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCo

PaCo

CoCo CoCo

PaCoPaCo

Proj

ect

Org

anis

ation

The LEAR:• The LEAR can access the list of roles/persons representing his/her organisation in

Projects and the Project list of his/her organisation.• The LEAR may request to revoke users from roles within his/her organisation

e.g. by asking a Coordinator Contact or a Participant Contact to revoke a role.• The LEAR can only be revoked or modified by the Commission.• The LEAR is reponsible for the updates of the organisation-related data, can

request (online) the modification of such data, and upload supporting documents.


LEAR

1


LEAR

1


CoordinatorContacts

ParticipantContacts

LEAR


TaskManagers



CoCo

PaCo

CoCo CoCo

PaCoPaCo

Proj

ect

Org

anis

ation

The Account Administrator:• There may be one or more Account Administrator(s) within an organisation

(nominated by the LEAR of the organisation).• All Account Administrators may access the list of roles/persons representing

his/her organisation in Projects and the Project list of their organisation.• All Account Administrators can request (online) the update of the organisation-

related data.• All Account Administrators may request to revoke users from roles

within their organisatione.g. by asking a Coordinator Contactor a Participant Contact to revoke a role.

Project roles: summary

Team MbTeam Mb

Task M.Task M.

CoCoCoCo

PaCoPaCo

• Nominate and revoke Participant Contacts, Task Managers and Team Members within their organisation;

• Read/write access to own forms;• Submit to the Coordinator Contacts;• In addition, the rights listed under the Task Managers.

• Create and update forms;• In addition, rights listed under the Team Members.

• Read-only access

• Nominate and revoke other Coordinator Contacts;• Read/write access to own and common forms; • Submit to European Commission/Agency;• In addition, all rights listed under the Participant Contacts.

NEXT

• Nominate and revoke Participant Contacts for any participating organisation.• In addition, all rights listed under the Coordinator Contacts.

CoCoCoCo

Organisation roles: summary

• Access the list of roles/persons representing their organisation• Access their organisation’s list of Projects and their summaries• May request to revoke users from roles within his/her organisation

LEARLEAR

1

A.AdminA.Admin

• Nominate and revoke Account Administrators within their organisation• In addition, all rights listed under the Account Administrator.

NEXT

Access rights for each step of the project

Now that we have a better idea of the general scheme, let’s review the possibilities of the different roles

at each step of the project.

Proposal submission End of

the projectReports

Amendments

Grantagreementsignature

Negotiation

Registration

Access rights for proposal submission

• Currently, the proposal submission (EPSS) is outside the Participant Portal, but certain roles are provisioned automatically.• In the future, roles will be integrated in the proposal submission phase (SEP).• SEP: Coordinators and participant contacts will be able to provision the roles at this stage in the proposal submission system.


the projectReports

Amendments


Negotiation

Registration

Access rights for negotiations

• Read-only rights to all negotiation-related data:

• Draft and validate own forms:

• Draft and validate common forms:

• Submit data on behalf of the whole consortium to the Commission:


the projectReports

Amendments


Negotiation

Registration

Team MbTeam MbTask M.Task M.CoCoCoCoCoCoCoCo PaCoPaCo

Task M.Task M.PaCoPaCo

CoCoCoCoCoCoCoCo

CoCoCoCo

CoCoCoCoCoCoCoCo

CoCoCoCo

Access rights for amendments

• Read-only rights to all amendment-related data:

• Initiate an action:


the projectReports

Amendments


Negotiation

Registration


CoCoCoCoCoCoCoCo

• Draft and validate their forms:

• Draft and validate common forms:

• Submit data on behalf of the whole consortium to the Commission:


CoCoCoCoCoCoCoCo

CoCoCoCo

CoCoCoCoCoCoCoCo

CoCoCoCo

ReviewerReviewerCoCoCoCoCoCoCoCo

Access rights for financial reports (1/2)

(Form C, CFS, financial summary)

• Read-only rights to their Forms C/CFS:

• Draft and upload their Forms C/CFS:

• Read-only rights to the financial summary:


the projectReports

Amendments


Negotiation

Registration

Team MbTeam MbTask M.Task M.PaCoPaCo


CoCoCoCoCoCoCoCo

CoCoCoCoCoCoCoCo

• Submit to the Coordinator Contacts:

• Submit to the European Commission:

Access rights for financial reports (2/2)

(Form C, CFS, financial summary)

• Read-only rights to all participants’ Forms C/CFS:


the projectReports

Amendments


Negotiation

Registration

ReviewerReviewerCoCoCoCoCoCoCoCo

PaCoPaCo

CoCoCoCoCoCoCoCo

Access rights for scientific reports (1/2)

• Read-only rights to their forms & documents:

• Draft and upload their forms & documents:

• Read-only rights to common forms & documents:


the projectReports

Amendments


Negotiation

Registration


Task M.Task M.CoCoCoCoCoCoCoCo PaCoPaCo


• Draft and upload common forms & documents:


• Submit to the Coordinator Contacts:

• Submit to the European Commission:

Access rights for scientific reports (2/2)

• Read-only rights to all participants’ forms:


the projectReports

Amendments


Negotiation

Registration

CoCoCoCoCoCoCoCo

CoCoCoCoCoCoCoCo

PaCoPaCo

• Read-only rights to all participants’ deliverables:

• Draft and upload all participants’ deliverables:Team MbTeam MbTask M.Task M.CoCoCoCoCoCoCoCo PaCoPaCo


ReviewerReviewer Rapport.Rapport.


End of the project

Access rights for reviews (1/2)

Proposal submission Reports

Amendments


Negotiation

Registration

• Read-only rights to review forms & documents:

• Draft and upload their review forms & documents:

• Submit review:

• Review all sessions:


ReviewerReviewer

ReviewerReviewer

ReviewerReviewer

End of the project

Access rights for reviews (2/2)

Proposal submission Reports

Amendments


Negotiation

Registration

• Draft and upload consolidated review forms & documents:

• Read-only rights to consolidated review forms & documents:

• Submit consolidated review:Rapport.Rapport.

Rapport.Rapport.

Rapport.Rapport.


the projectReports

Amendments


Negotiation

Registration

Access rights for the organisation

• View and update the organisation’s data:

LEARLEAR

1A.AdminA.Admin

• Upload / download / update documentsregarding the organisation:

LEARLEAR

1A.AdminA.Admin

• NEW: Self-registrants have access to their data until a LEAR is appointed for the PIC.

Identity and Access Management (IAM). Research Participant Portal Offers external stakeholders a unique entry point for the interactions with the European.

Documents

admin participant

scien admin finan coco

repfinanadminscien lear

rep lear

rep finanadminscien

coco paco coco pacopacopaco

research participant

coordinator contacts