

Certificates

A digital certificate is used as a proof of identity, and can be compared to a driver’s license or a passport.

In the Lequinox® platform, all personal identities, role accounts, application accesses and server accounts have three certificates used for authentication, encryption and signing. The Lequinox platform uses self-signed X.509 certificates.

Expired certificates

Every certificate has a set validity period, and once it has expired, it is no longer accepted in the Lequinox platform and needs to be renewed. For example, a sign certificate generally has a validity period of three years.


When the certificates of a server account – the digital identity of an application – are about to expire, users with organisation administration access receive an email informing them that the validity of the server account is about to expire. The certificates are renewed in the Lequinox console.

Read more on how to renew an existing server account certificate.


Console administration levels

The administration level applies to internal role accounts and is set when an account is created.

Organisation user

The lowest console administration level.


Accounts with the administration level ‘Organisation user’:

  • Have access to transactions they have taken part in when they go to Archive in the top navigation bar.
  • Have access to the account overview.

Role administrator

An administration level that provides access to role accounts and the archive. Accounts at this level can add and manage role accounts that have been assigned the same role as their own.


Accounts with the administration level ‘Role administrator’:

  • Can see and do the same things as accounts with the administration level ‘regular user’.
  • Can see all organisation transactions in which participants with the same role as them have participated, regardless of console administration level.
  • Can only manage role accounts that correspond to their own role.
  • Have access to My transactions and Role transaction events, a list of all transaction events relating to the same role that they are assigned to.

Organisation administrator

The highest console administration level for a connected organisation.


Accounts with the console administration level ‘Organisation administrator’:

  • Can do everything that accounts with the administration levels ‘regular user’ and ‘role administrator’ can do.
  • Can create and edit roles and role accounts, and add new applications, user groups and server accounts.
  • Can see detailed information about all the organisation's transactions in the archive.
  • Are authorised to edit information on their organisation under Settings.
  • Can add role and application agreements.
  • Can create statistical reports on a recurring basis.

Lequinox administrator

The highest console administration level, reserved for the platform owner. This administration level is not available to connected organisations.


Accounts with the console administration level ‘Lequinox administrator’:

  • Can do everything that accounts with the administration level ‘organisation administrator’ can do.
  • Can also add new organisations, but for integrity reasons they cannot view those organisations' roles, role accounts, applications or transactions.

Role accounts

A role account is used as an identifier for a user in an organisation in the Lequinox platform. When created, a role account is assigned a role and – if it is an internal account – a console administration level as well.

When creating an internal role account, provide it with one of three administration access levels. There is a fourth level in the platform organisation, Lequinox administrator, but it should be reserved for a select few in the platform organisation that need to be able to connect customer organisations and other platform administrators.


Role, organisation and Lequinox administrators can add and edit role accounts (but not their own). Regular users do not have access to the Role accounts page.

Organisation and Lequinox administrators can invite a new user to the Lequinox console by creating a role account for them. In the process, they also assign the user an organisation role and decide the administration level of the account, and whether it is to be organisation- or user-managed.

Internal vs external role accounts

Internal role accounts are primarily intended for users closely linked to your organisation, like employees. External role accounts are intended for users who are not part of your organisation, like contractors, vendors or corporate customers, but with whom you want to interact via Lequinox-enabled applications and get traceability for these interactions.

  • Before you can create a role account, the role you want to assign it to and the associated user agreement must be created.
  • External role accounts can be created through a Lequinox-enabled application using functions in the Lequinox platform REST API.
  • Internal role accounts can only be created via the Lequinox console, not via the platform REST API.

Organisation- vs user-managed role accounts

A role account (internal or external) can be either organisation-managed, where it is managed via a Lequinox-enabled application and the platform server, or user-managed, where it is managed via Lequinox professional ID.

Organisation-managed

An organisation-managed role account (also referred to as platform-managed) is managed by the platform server via a Lequinox-enabled application. The application utilises functions in the Lequinox platform REST API via a platform server account. When an organisation-managed role account is involved in a transaction, the platform server acts as the role account in the transaction and signs the transaction. 

  • With an organisation-managed role account, the user will not be able to sign in to the Lequinox console.
  • No activation email is sent to the user (see User-managed below).
  • You cannot reinvite an organisation-managed user. If you change first name, last name, email address or administration level, the updated information must be fetched via the REST API. The updated information is not pushed to any connected applications.
  • Once set, ‘Managed by’ for a role account cannot be changed.

User-managed

A user-managed account is managed by the user via Lequinox professional ID, which the user can download from Google Play before they activate their account.

Set an account to User-managed if the user is to be able to sign transactions via Lequinox professional ID. Once created, a user-managed role account must be activated via the invitation email that the console sends to the user. Hence, the user must install Lequinox professional ID to complete their account activation. 

  • With a user-managed role account, the user will be able to sign in to the Lequinox console or a Lequinox-enabled application via Lequinox professional ID.
  • An activation email is generated and sent to the user.
  • You can reinvite a user-managed account. If you change first name, last name, email address or administration level, the updated information is pushed to Lequinox professional ID.
  • Once set, ‘Managed by’ for a role account cannot be changed.

Roles

Organisation and Lequinox administrators are able to add and edit internal and external roles associated with the organisation they belong to. Roles must also be connected to their respective agreements. When a role account is created, it must be assigned to one of the available roles. To activate their account and their role, the user must sign the connected agreement.

A role is internal or external, depending on whether it is to be assigned to internal role accounts or external role accounts.

The user agreement you want to assign to the role must be created before you create the role. 

Note that external roles can also be created through a Lequinox-enabled application via functions in the platform REST API.

  • External roles can be created from a Lequinox-enabled application using functions in the platform REST API.
  • Internal role accounts can only be created via the Lequinox console, not via the platform REST API.


Transactions

The Lequinox platform allows users or applications to create, send and open encrypted transactions via Lequinox-enabled applications. Transactions also include a number of services that affect what a transaction creator or participant can and cannot do, and when. 


The developer decides – together with stakeholders – which services should be activated or not for a transaction and, when applicable, which values should apply. Read more about transactions on the developer concepts page.

The term "transactions" does not refer to financial transactions, but to traceable transfers of data with integrity intact.

