This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.
Managing Consent Purposes
This section guides you through adding consent purposes and defining attributes of personal user information that need to be collected and shared by WSO2 Identity Server. The purposes defined through the management console will be used to prompt the user to provide consent during self sign up in WSO2 Identity Server. It can be configured tenant-wise in which case the user will be prompted to provide consent for the purposes and attributes relevant to the user's specific tenant domain.
- For more information on how the consent purpose is used within the self registration flow, see Consent Management for Self Sign Up.
- For more information about consent management concepts and other use cases of consent management with WSO2 IS, see Consent Management Overview.
For definitions on the consent receipt, purposes, and PII categories, expand the section below.
Adding a consent purpose
The following steps describe how you can add a consent purpose using the management console.
Before adding the consent purposes using the Management Console, make sure you have the following permissions set:
/permission/admin/manage/identity/consentmgt/add/permission/admin/manage/identity/claimmgt/metadata/view
- Log into the Management Console.
To add a consent purpose within a specific tenant domain, login using tenant credentials. Navigate to Home> Manage> Consent Purposes and click Add.
The following window will be displayed.
Add a Purpose Name and a Description.
Purpose Name: A short name for the requirement of why the PII item is required.
Description: A short, clear explanation of why the PII item is required.
PII Categories: In WSO2 Identity Server context, PII categories are the user claims. Users can give consent to share claims (PII categories) for different reasons. These PII Categories can be defined by clicking Add PII Category and selecting the relevant claim.
Sample Purpose
Purpose Name: Marketing
Description: For marketing purposes
- PII Categories:
- http://wso2.org/claims/fullname
- http://wso2.org/claims/dob
- http://wso2.org/claims/emailaddress
- http://wso2.org/claims/phonenumber
Click Finish to save the purpose.The following screen will be displayed:
List consent purposes
The following steps describe how you can list consent purposes using the management console.
Before listing consent purposes using the Management Console, make sure you have the following permissions set:
/permission/admin/manage/identity/consentmgt/list/permission/admin/manage/identity/consentmgt/view
- Log into the Management Console.
Navigate to Home> Manage> Consent Purposes and click List.
The following window will be displayed.
The DEFAULT purpose listed at the top is used by the WSO2 IS resident identity provider (IdP) when sharing user attributes with external applications for the single sign-on (SSO) authentication flow. Basically, it is used when WSO2 IS acts as the IdP for SSO authentication. This DEFAULT purpose includes all the PII categories. For more information about consent management with single sign on, see Consent Management with Single-Sign-On.You can delete a purpose by clicking Delete. You can also view the PII categories associated with the Purpose by clicking View PII Categories in the Action column. The following window will be displayed when you click View PII Categories.
Delete PII Category
To delete a specific PII cateogry, use the consent management Delete PII Category REST API. Note that you can not delete a PII category that is already associated with a consent receipt.