Most applications available at Warwick use a method of authentication called Single Sign-on. This can involve an identity provider, which is a source of information about everyone who has a Warwick ITS Account.
When required, the identity provider supplies specific pieces of information to authorised service providers so that they in turn can provide services to you. For example, student information is provided to WarwickSU's website for event bookings. Staff member information is provided to SuccessFactors so you can change your bank details. Our identity provider is trusted by many service providers to supply accurate information. We release the minimum amount of personal information needed to a carefully curated set of service providers.
From December 12th 2019, we'll be giving you control over the information shared. We'll tell you exactly what personal information is about to be released and ask you to consent.
It's important to note that the identity provider is only able to access and share basic personal information. This information is either on the list below, or can be derived from it (e.g. we may calculate entitlements from your department code):
- Your name
- Your email address
- Your department
- Your job title / membership category (staff, student, alumni, etc.)
Note that your username and University ID are not personal information. Services which only require your username or University ID will not need consent.
When a service requests personal information, we'll tell you the name of the service provider and some basic information about it.
If the service provides a URL, we'll display the link for you to follow for further information.
We'll show you the personal details requested by the service provider. Some of these attributes have technical names, but it should be clear from the value of each attribute what is being shared:
If provided, we'll link to the service provider's data privacy page. This should explain how your personal information will be used.
At the bottom of the page, we'll give you a few options:
- Ask me again at next login - your information will be shared on this occasion only
- Ask me again if information to be provided to this service changes - we will only ask you to consent again if the service provider requests additional personal information
- Do not ask me again - we will not ask for your consent to share any of your basic personal information with any service provider.
To access the service, you must select the Accept button. If you select the Reject button, you will be unable to access the service.
You can change your mind at any time and decide to revoke the consent you have provided. To do this:
- Sign in to the Single Sign-on account management portal and find the External services consent section
- Select the Revoke all my consents button