Part A
Overview
This document outlines the steps required to set up an ESS Service Identity, which is required
by the job ready Web application in order to interact with the Australian Government
Department of Education, Skills and Employment software systems through the Application
Programming Interface (API).
During your Organization's onboarding process for job ready, for the web application server
to access the ESS Subscriptions Data for your organization, your ESS Admin would have been
asked to create Subscription reports. These Subscription Reports can be accessed by the
Department's API through a secure API Gateway.
As per the Dept’s Document on the API Gateway – Authorization and Authentication
Overview, the job ready web application is set up under Scenario 3: Service to Service, and
as such also requires an ESS Service Identity to be created and linked to an SSL Certificate.
This will provide the web application secure API access to the ESS Subscriptions.
For more information, refer to your ESS Portal help doc: eSam - Manage Service Identities -
User Guide. See Appendix A for details on where to access ESS Portal help docs.
Target Audience and Assumed Knowledge
This document is targeted at IT Administrators and Managers and your ESS Organisation
Security Contact (OSC). You are required to be familiar with administration functions within
the Organization's ESS eSam Web Portal. The ESS Service Identity that will be created
requires specific roles and an SSL certificate that we provide, to be uploaded to ESS in order
to successfully interact with the Web API functionality within the job ready web application.
ReadyTech’s Authorized Representative
ReadyTech’s General Manager of Work Pathways, Chris McMillan, is the chosen
representative authorized to access your Organization's ESS Subscription data.
Chris McMillan will be the persona that is linked to the API Service Identity that you will
create.
Part B
ESS Service Identity Creation
In order to access the ESS API, a secure authentication and authorization process is set up by
the department. As the ESS OSC, you will require ESS eSam Service Identity Creation
privileges to complete this process.
If your ESS user has these privileges, your Home menu will have the Service Identities option
as shown and you may proceed to Create the New Service Identity. If you do not see the
Service Identities option, please contact the ESS Support Helpdesk before continuing.
Create New Service Identity
After clicking ‘Create a New Service Identity’, add the details below. Note that the last name
includes (Job Ready Application) to make clear where this API role is used.
First Name: Chris
Last Name: McMillan(Job Ready Application)
Email Address: [email protected]
Phone Number: 0422431252
Confidential Client Redirect Url: https://fake.local.host/fwhtrn
Confidential Client Certificate Raw Data: <<see email attachment>>
Jwks Url Endpoint: https://readytech.com.au/
Adjust Service Identity Roles
Specific roles are required for the new Service Identity in order to provide access to the
required API services.
Base Role:
SPS – Service Provider Basic & Claim & Rates
Contract Type:
As per the ESS contracts for your Organization.
Reporting Roles:
- CNC – Bulk Data Facility
- ESP – Performance and Organizational Access
- CNC – Bulk Data Facility
Supply the Service Identity Client ID to Job Ready
The new Service Identity will be assigned a Client ID value by ESS.
This value is required by the Job Ready application in order to make a correct user identity
assertion for your Organisation.
As per the image below, copy the value in the Client ID field and email it to the
[email protected].
Confirmation
The Job Ready team will now take the Client ID and configure and test the API access for
your Organization.
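A check to run on the emailed certificate attachment before its contents go into the Confidential Client Certificate Raw Data field, as an added example that is not part of the original guide or ReadyTech's tooling: it rejects any file that carries private key material or more than one certificate, and returns a SHA-256 fingerprint to compare with the sender over a separate channel. It assumes the attachment is PEM-encoded; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def check_certificate_attachment(pem_text: str) -> str:
    """Return the SHA-256 fingerprint of the single certificate in pem_text.

    Raises ValueError if the text contains private key material or anything
    other than exactly one CERTIFICATE block.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("attachment contains a private key; do not upload or forward it")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    # The fingerprint is taken over the DER bytes, so PEM line wrapping or
    # whitespace introduced by a mail client does not change it.
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def make_pem(label: str, der: bytes, width: int = 64) -> str:
    """Wrap bytes as a PEM block (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# Constructed sample bytes: placeholders, not a real X.509 certificate or key.
SAMPLE_CERT_DER = bytes(range(256)) * 3
SAMPLE_CERT_PEM = make_pem("CERTIFICATE", SAMPLE_CERT_DER)
SAMPLE_WITH_KEY = SAMPLE_CERT_PEM + make_pem("PRIVATE KEY", b"\x00" * 48)

if __name__ == "__main__":
    print("SHA-256 fingerprint:", check_certificate_attachment(SAMPLE_CERT_PEM))
    try:
        check_certificate_attachment(SAMPLE_WITH_KEY)
    except ValueError as err:
        print("rejected:", err)
```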
Appendix A - eSam - Manage Service Identities - User Guide
The Manage Service Identities User Guide is a department document specific to the
functions relating to Service Identities. It can be found in your Provider Portal; search for API
as per the image below.